First GDPR penalties: who has already been punished

GDPR came into force more than six months ago, but regulators have only recently begun issuing the first "letters of happiness". This article covers the companies that have already received them.

“Soft Start” GDPR

GDPR entered into force on May 25, 2018. By that time, all organizations that store and process the personal data of EU residents were supposed to have updated their user agreements and brought all work processes in line with the regulation's requirements. Failure to comply carried a fine of twenty million euros or four percent of the violating company's annual revenue.

But not all companies gave the regulation due attention. According to a study by analysts from the Ponemon Institute, more than half of European and American organizations did not manage to meet all GDPR requirements by the deadline. Therefore many major publications, The Verge among them, suggested that European regulators would conduct a "soft launch" of the new law: for some time they would not penalize violators, treating financial penalties as a last resort.

In general, this is what happened: even large companies such as Facebook and Google have not been punished. Complaints against them were filed on the very first day the regulation was in force, brought by Australian lawyer and data protection activist Max Schrems. Schrems argued that the companies force users to consent to the processing of personal data under the threat of restricted access to services. Although the proceedings are still underway, there is a chance that the charges will eventually be dropped.

Who nevertheless received fines

A few months after the GDPR entered into force, European regulators tightened their approach to companies. In November, the regulator of the German region of Baden-Württemberg (LfDI) fined the dating chat application Knuddels. This case was the first GDPR penalty in Germany.

In September, the service discovered a “breach” through which the logins and passwords of 330 thousand users leaked online. It turned out that all personal data was stored as unencrypted text files. The German regulator fined the company 20 thousand euros. The amount turned out to be relatively small because Knuddels promptly reported the leak and agreed to implement additional security measures.

Another GDPR fine, which became known in September, was imposed by the Portuguese Data Protection Commission (CNPD). It went to one of Portugal's hospitals. A vulnerability was discovered in its medical record storage system that allowed access to patient data using fake employee profiles. The system contained 985 registered accounts, although only 296 doctors worked in the hospital. The medical institution had to pay 400 thousand euros.

The first maximum penalty for violating the GDPR has also been imposed. The British regulator ordered the Canadian consulting company AggregateIQ to pay twenty million euros for illegally collecting and processing social network users' data for targeted campaigns. AggregateIQ is now trying to challenge the fine, but the company will probably still have to part with its money.

Who else can get a fine

So far, the fines imposed for GDPR violations remain rather small compared to the maximum penalty (the AggregateIQ case aside). However, data protection expert and author of information security books Guy Bunker believes that the law “will show more teeth”. Data leaks occur almost daily, so Bunker believes that penalties will increase significantly in the near future.

Information security consultant Benjamin Ellis agrees with him. According to Ellis, regulators have so far willingly helped companies “patch up the gaps” in security and have practically never applied penalties. But Ellis believes that in 2019 those who violate the regulation will be treated more severely.

One of the first major “victims of GDPR” in the coming year may be Microsoft. The IT giant was accused of storing data on users of Office applications: IP addresses and e-mail headers. At the same time, some of this data ended up on servers located in the United States (and not in Europe, as required by the GDPR), and users were not warned that any telemetry was being collected.

Facebook also faces a big fine soon. In September, the social network was hacked: the attackers stole the personal data of 50 million users. European regulators are now investigating and trying to determine whether Facebook’s negligence led to the leak and how badly EU citizens were affected by the data theft. Facebook may be required to pay up to four billion dollars.

It can be assumed that next year there will be more and more penalties for violations in processing the personal data of users in Europe. The ePrivacy Regulation, which should take effect in 2019, will add “fuel to the fire”. It will further tighten the rules for working with cookies and add headaches for IT companies. The penalties for non-compliance with its requirements are also high: from two to four percent of the offending company's annual income, or ten million euros.

P.S. Materials on the topic from the First Corporate IaaS Blog:

- The effect of the GDPR: how the new regulation has affected the IT ecosystem
- Regulation of work with personal data in Russia and Europe
- PD in the cloud: areas of responsibility of the customer and the cloud provider

P.P.S. Our Telegram channel about IaaS technology:

- How to handle PD in Russia and Europe
- Why a good IaaS provider does not build its data center
- Where supercomputers are already being used