European regulators to take first GDPR action by year’s end 

18 Oct 2018

European regulators are set to hand out fines and even temporary bans on companies that breach the European Union’s new data protection law, the General Data Protection Regulation (GDPR).

The first round of sanctions is expected by the end of the year, European data protection supervisor Giovanni Buttarelli told Reuters. The new legislation gives regulators the power to impose fines of up to 4% of an organisation’s global revenues or €20 million (US$23 million), whichever is higher, for any violation.

Action will not be taken before then because enforcers, who have been deluged with complaints about infringements and queries for clarification, have struggled to cope. France and Italy alone have reported a 53% jump in complaints from last year.

"I expect the first GDPR fines for some cases by the end of the year," Buttarelli said. "Not necessarily fines but also decisions to admonish the controllers, to impose a preliminary ban, a temporary ban, or to give them an ultimatum."

Fines could be imposed on any company that operates in Europe, no matter where it is headquartered. Complaints filed against Google, Facebook, Instagram and WhatsApp by Austrian data privacy activist Max Schrems are not expected to be among the first batch of cases, though, as they are still at a preliminary stage.

Meanwhile, the UK’s Heathrow Airport has been fined £120,000 (US$136,910) by regulators following a data breach caused by a lost USB stick, which held information that was neither protected nor encrypted. The storage device held 76 folders and more than 1,000 confidential files with the names, dates of birth, passport numbers and other details relating to individuals and aviation security staff. It was discovered by a member of the public in October last year.

UK Information Commissioner’s Office (ICO) director of investigations Steve Eckersley said: "Data protection should have been high on Heathrow's agenda. But our investigation found a catalogue of shortcomings in corporate standards, training, and vision that indicated otherwise."

A Heathrow Airport spokesperson told ZDNet: "Following this incident, the company took swift action and strengthened processes and policies. We accept the fine that the ICO have deemed appropriate and have spoken to all individuals involved."

Emma Woollacott

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.
