
Record-Setting GDPR Fines in 2019

by Srikanth
September 3, 2019
in Tech news

The EU’s General Data Privacy Regulation (GDPR) is designed to improve the state of data privacy and security for EU citizens. Under the new regulation, organizations are held to a much higher standard regarding how they collect and manage an individual’s personal data, and the fines for non-compliance have increased dramatically compared to existing legislation.

Recently, the Information Commissioner’s Office (ICO), the GDPR regulator for the UK, announced fines for two organizations: British Airways and Marriott. These fines are notable for their magnitude and for the reasons the organizations were held liable. Previously, most GDPR fines were small and applied in cases of deliberate ignorance of GDPR’s rules, like hiding aspects of an application’s privacy policy and settings within multiple pages.

The fines levied against British Airways and Marriott are different. First, they dwarf the fines applied in the first year of GDPR enforcement. Second, they are punishments for “unintentional” violations of GDPR: an exploited web application security flaw and an existing breach inherited during a merger.

The History of GDPR Enforcement

The EU’s General Data Privacy Regulation (GDPR) went into effect on May 25, 2018. The new regulation expanded both the definition of protected personal information and the responsibilities of organizations that hold or use it. A more famous aspect of the new regulation is that fines for non-compliance increased dramatically. A GDPR infraction carries a maximum penalty of 20 million Euros or 4% of global turnover, whichever is greater.

In the first year of GDPR, the regulatory bodies reviewed over 200,000 cases of alleged violations of GDPR. From these cases, a total of 56 million Euros in fines was levied, of which 50 million Euros was a single fine against Google.

The reason for this (relatively) low number of fines was the fact that GDPR regulators considered it a transition year where regulators acclimated to the new legislation and worked to manage the massive influx of new cases. Also, these early cases demonstrated to organizations that regulators can and will levy fines under the new regulations, underscoring the importance of achieving compliance with the new regulation.

The British Airways and Marriott Breaches

New fines announced by the UK’s Information Commissioner’s Office (ICO), the UK organization responsible for policing GDPR compliance, have demonstrated that the regulator is not fooling around regarding GDPR enforcement. The ICO has publicized that it intends to fine British Airways and Marriott hotels 183.5 million and 99 million Euros respectively for failing to properly secure data protected under GDPR. While these fines are still open to appeal, they represent the largest GDPR fines announced to date.

In the case of British Airways, the cause of the breach was a poorly secured web application. Attackers managed to modify the website’s JavaScript code to include Magecart, a common piece of malware designed to steal credit card information. As a result, 380,000 victims had their information stolen.

The Marriott breach was caused by a hack of the Starwood database, which was compromised even before Marriott acquired Starwood in 2016. However, the breach continued past May 25, 2018, making it fall under GDPR jurisdiction. This fine demonstrated that the GDPR regulatory authorities intend to enforce protection of all personal data in an organization’s possession, even if the original breach “wasn’t their fault”.

The British Airways and Marriott fines are striking due to the size of the penalties. Previously, the ICO’s largest fine levied under data protection legislation was 500,000 Euros for the Facebook Cambridge Analytica scandal. This was the maximum possible fine allowable under GDPR’s predecessor, and the Starwood and Marriott fines demonstrate that the ICO is happy to take advantage of the higher ceiling offered under GDPR.

The new fines against British Airways and Marriott are each greater than all of the fines levied in the first year of GDPR combined (and the British Airways one is over three times as much). These fines are likely designed to set a precedent and serve as a warning to other companies currently under investigation for GDPR violations (like Google and Facebook).

Becoming GDPR Compliant

The EU’s General Data Privacy Regulation (GDPR) demonstrates the EU’s commitment to holding companies accountable for how they collect and use the personal data of their customers. Under the GDPR, a greater range of personal data is protected, and the fines for non-compliance have dramatically increased. The previous regulation capped fines at 500,000 Euros, while the new regulation allows penalties up to the greater of 20 million Euros or 4% of a company’s global turnover.

While the penalties levied in the first year of GDPR were relatively low, the new British Airways and Marriott breaches demonstrate that this will not always be the case. Either of these fines is greater than all fines levied in the first year of GDPR combined, demonstrating that the ICO is ushering in a new era of GDPR enforcement.

These fines underscore the importance of implementing proper data and web application security protections for any organization. Neither breach was caused by deliberate noncompliance, and both could have been prevented if data monitoring and loss protection solutions had been in place. While the magnitude of the British Airways and Marriott fines was likely intended to send a warning to other organizations of the cost of deliberate noncompliance with GDPR, there is no guarantee that regulators will not continue to levy fines of this magnitude for similar violations.
