Online privacy is more important than ever but sometimes hard to achieve. Several years ago, the European Union (EU) enacted legislation to protect consumers from data breaches and allow them more control over their personally identifiable information (PII). In fact, the General Data Protection Regulation (GDPR) “is the toughest privacy and security law in the world.” The GDPR’s strict regulations allow for harsh penalties like the following recent GDPR sanctions.
Vodafone Espana, S.A.U.
The Spanish Data Protection Authority fined this company EUR 200,000 (USD 243,319) for sending emails and bills to a former customer. The fine was reduced to EUR 120,000 because Vodafone paid it promptly.
ING Bank, N.V.
GDPR sanctions were assessed against ING Bank for “insufficient technical and organizational measures to ensure information security.” The controller of the Amsterdam-Bucharest branch sent files with outdated employee information to another company.
HH Invest SIA
This online merchant received GDPR sanctions totaling EUR 15,000 (USD 18,249.92) due to “insufficient fulfilment of information obligations.” Specifically, the company’s website contained a privacy policy that was difficult to understand.
Banderacatalana.cat
This online store violated the GDPR by allowing people under age 16 to submit a newsletter subscription form. GDPR sanctions totaled EUR 10,000 (USD 12,165.95).
Charly Mike s.r.l.
GDPR sanctions even cover video surveillance. This hotel operator violated the GDPR by installing cameras that recorded customers and employees without the required signage.
Robinson Tours Ltd.
The Hungarian National Authority for Data Protection and the Freedom of Information fined this company EUR 55,400 (USD 67,399.36) for failing to protect customer data, which could be accessed via Google. Also, the company failed to notify customers that their information was part of the data breach.
British Airways
Hackers diverted British Airways’ online traffic to a fraudulent site, where they harvested customer data. The airline was fined EUR 22,046,000 (£20 million, USD 26,817,403.58) because of insufficient security.
Google
France assessed GDPR sanctions against this Internet giant based on violations of Article 6 related to consent on personalized advertising. Although headquartered in the United States, Google does business worldwide, including in countries within EU jurisdiction. The fine totaled 56 million US dollars.
Marriott
GDPR sanctions can be assessed for data breaches. Marriott had a data breach affecting about 30 million EU residents. The fine levied against Marriott was £99 million, or 123 million US dollars.
Could Your Company Be Affected by GDPR Sanctions?
Yes, even companies located in the US are vulnerable to GDPR sanctions. If you have customers located in the EU or even a website that EU residents can access, make sure you comply with the GDPR.
Attorney Richard Sierra at the Florida Small Business Center assists clients like you with business and litigation matters. As always, Our Goal Is to Help You Succeed™. For an appointment, you may call us at 1-866-842-5202 or use the contact form on our website. We represent clients throughout the State of Florida, including Coral Springs, Coconut Creek, Boca Raton, Delray Beach, Pompano Beach, Sunrise, Fort Lauderdale, Miami, West Palm Beach, Jupiter, Deerfield Beach, Stuart, Port St. Lucie, Orlando, Naples, Fort Myers, Sarasota, Tampa, and surrounding communities.