Record-Setting GDPR Fines in 2019

Srikanth by Srikanth
September 3, 2019
in Tech news

The EU’s General Data Privacy Regulation (GDPR) is designed to improve the state of data privacy and security for EU citizens. Under the new regulation, organizations are held to a much higher standard regarding how they collect and manage an individual’s personal data, and the fines for non-compliance have increased dramatically compared to existing legislation.

Recently, the Information Commissioner’s Office (ICO), the GDPR regulator for the UK, announced fines for two organizations: British Airways and Marriott. These fines are notable both for their magnitude and for the reasons the organizations were held liable. Previously, most GDPR fines were small and were applied in cases of deliberate disregard of GDPR’s rules, such as hiding aspects of an application’s privacy policy and settings across multiple pages.

The fines levied against British Airways and Marriott are different. First, they dwarf the fines applied in the first year of GDPR enforcement. Second, they are punishments for “unintentional” violations of GDPR: an exploited web application security flaw and an existing breach inherited during a merger.

The History of GDPR Enforcement

The EU’s General Data Privacy Regulation (GDPR) went into effect on May 25, 2018. Under the new regulation, the definition of protected personal information was expanded as well as the responsibilities of organizations when holding or using it. A more famous aspect of the new regulation was the fact that fines increased dramatically for non-compliance. A GDPR infraction carries a maximum possible penalty of up to 20 million Euros or 4% of global turnover, whichever is greater.

In the first year of GDPR, the regulatory bodies reviewed over 200,000 cases of alleged violations of GDPR. From these cases, a total of 56 million Euros in fines was levied, of which 50 million Euros was a single fine against Google.

The reason for this (relatively) low total was that regulators treated it as a transition year, acclimating to the new legislation and working through the massive influx of new cases. Even so, these early cases demonstrated to organizations that regulators can and will levy fines under the new rules, underscoring the importance of achieving compliance.

The British Airways and Marriott Breaches

New fines announced by the UK’s Information Commissioner’s Office (ICO), the UK body responsible for policing GDPR compliance, have demonstrated that it is not fooling around regarding GDPR enforcement. The ICO has publicized its intention to fine British Airways and Marriott hotels 183.5 million and 99 million Euros respectively for failing to properly secure data protected under GDPR. While these fines are still open to appeal, they represent the largest GDPR fines announced to date.

In the case of British Airways, the cause of the breach was a poorly secured web application. Attackers managed to modify the website’s JavaScript code to include Magecart, a common piece of malware designed to steal credit card information. As a result, 380,000 victims had their information stolen.

The Marriott breach was caused by a hack of the Starwood database, which was compromised even before Marriott acquired Starwood in 2016. However, the breach continued past May 25, 2018, making it fall under GDPR jurisdiction. This fine demonstrated that the GDPR regulatory authorities intend to enforce protection of all personal data in an organization’s possession, even if the original breach “wasn’t their fault”.

The British Airways and Marriott fines are striking due to the size of the penalties. Previously, the ICO’s largest fine levied under data protection legislation was 500,000 Euros for the Facebook Cambridge Analytica scandal. This was the maximum possible fine allowable under GDPR’s predecessor, and the British Airways and Marriott fines demonstrate that the ICO is happy to take advantage of the higher ceiling offered under GDPR.

The new fines against British Airways and Marriott are each greater than all of the fines levied in the first year of GDPR combined (and the British Airways one is over three times as much). These fines are likely designed to set a precedent and serve as a warning to other companies currently under investigation for GDPR violations (like Google and Facebook).

Becoming GDPR Compliant

The EU’s General Data Privacy Regulation (GDPR) demonstrates the EU’s commitment to holding companies accountable for how they collect and use the personal data of their customers. Under the GDPR, a greater range of personal data is protected, and the fines for non-compliance have dramatically increased. The previous regulation capped fines at 500,000 Euros, while the new regulation allows penalties up to the greater of 20 million Euros or 4% of a company’s global turnover.

While the penalties levied in the first year of GDPR were relatively low, the new British Airways and Marriott fines demonstrate that this will not always be the case. Either of these fines is greater than all fines levied in the first year of GDPR combined, demonstrating that the ICO is ushering in a new era of GDPR enforcement.

These fines underscore the importance of implementing proper data and web application security protections in any organization. Neither breach was caused by deliberate noncompliance, and both could have been prevented if data monitoring and loss protection solutions had been in place. While the magnitude of the British Airways and Marriott fines was likely intended to warn other organizations of the cost of deliberate noncompliance with GDPR, there is no guarantee that regulators will not continue to levy fines of this magnitude for similar violations.
