All About the First Week of GDPR Effect
Posted: Jun 25, 2018
After a prolonged and at times polemical process, the General Data Protection Regulation (GDPR) finally came into effect in Europe. With the introduction of this new regulation, there will be constructive changes in how organizations handle data privacy and protection, not just in Europe but in other countries as well. In this article we delve into some fresh insights from the first week of the EU GDPR being in effect.
EU GDPR Fines
Under GDPR, there are two levels of fines. The first level reaches up to EUR 10 million or 2% of the company’s turnover from the previous financial year (whichever is higher). The second level reaches up to EUR 20 million or 4% of the company’s annual turnover (whichever is higher). These fines are substantial and a good reason for companies to comply with GDPR 2018. The fine will be heavier for violations of the provisions covering the transfer of personal data to recipients in a third country or an international organization. Earlier, the parliament had requested raising the fine to EUR 100 million or 5% of the company’s annual turnover, but later agreed to these two levels. Additionally, there are around 11 factors that are considered when evaluating the fine for an infringement:
- The nature, duration, and gravity of the infringement.
- The character of the violation (negligent or intentional).
- The action that was taken to mitigate the damage.
- The degree of responsibility.
- Record of any previous relevant infringement.
- The level of cooperation with the authorities.
- Category of affected personal data.
- The manner in which the infringement was revealed.
- Compliance with the ordered measures.
- Adherence to a code of conduct.
- Any other applicable mitigating or aggravating factors.
Understanding the Data Protection Authority
One of the primary objectives of GDPR is to harmonize data protection compliance across the European Union and the European Economic Area. However, the regulation also requires that each member state has a supervisory authority, called a Data Protection Authority (DPA). Note that if an organization does business in multiple member states, it may have to deal with more than one DPA. These authorities determine the fine an institution will have to bear, depending on the degree of infringement and the other factors mentioned above.
The Impact of GDPR 2018
The first week after the GDPR launch was extremely crucial, to say the least. Max Schrems, a reputed privacy advocate, filed his first complaint under the GDPR within a few hours of it taking effect. What surprised people most were his first targets: leading tech giants Alphabet-Google and Facebook, along with its subsidiaries Instagram and WhatsApp. In his case, Schrems protested that Facebook forced consent on its users, which violated the GDPR. However, Erin Egan, the Chief Privacy Officer of Facebook, reassured the media about the institution’s efforts towards GDPR compliance.
Max Schrems also calculated an approximate fine that might be waiting for the tech giants at the end of the case. For example, he calculated that Alphabet-Google’s annual revenue reaches around USD 101.85 billion or EUR 94.79 billion, and a 4% fine on these annual earnings would stand at EUR 3.79 billion. This brave move by Schrems has forced many leading companies to reform their privacy policies and bring them into compliance with GDPR.
I am sure all big organisations must be carrying out a proper risk assessment for their big processes and tasks and must not have paid attention to the primary cleaning risk assessment aspect.