GDPR Fine Could Total €645k for Serious Data Privacy Violation
European Companies Warned of GDPR Violation Consequences
As we draw closer to the three-year mark since GDPR was first issued, European companies are continuing to face fines for repeated violations. Fines from €525,000 to €50 million have been issued to various companies, including Google.
The Importance of Expressed Consent
Canadian company Locatefamily.com was recently issued a fine of €525,000 for a serious GDPR violation with up to an additional €120,000 penalty if they fail to solve the security problem. The website connects distant, estranged, or long-lost relatives with one another using a massive database. However, EU citizens are reporting that their personal information (i.e. full name, home address, phone number, etc.) was listed on the site without expressed consent or knowledge, which violates GDPR and puts the general population’s security at risk.
Google was charged the largest fine of €50 million for violations in France, where they did not explain to android users how their personal information was being used. Despite Google’s appeal, the French security watchdog determined that Google had not obtained consent for the personal data of Android users. They were then charged a €32 million fine by Germany for GDPR violations, as well.
No One is Untouchable
Large companies have gotten comfortable with using personal data for research without realizing that the information comes at a cost. The EU is warning companies that continued GDPR violations will not go unaddressed, regardless of the company’s home base. Foreign companies are not exempt from complying with GDPR standards, and they are learning their lesson the hard way.
Google is not the only major company in hot water for GDPR violations. In November 2020, Marriott was charged a fine of £18.4 million by the UK when a cyberattack breached the data of 330 million Marriott guests, worldwide. The names, phone numbers, home addresses, unencrypted passport numbers, and more pieces of customers’ data were leaked.
Since GDPR was enforced in 2018, the EU has issued €293 million in GDPR fines, with AggregateIQ who faced a maximum fine of £17 million as the first company to be penalized under GDPR. To date, Spain leads with 222 fines, followed by Italy at 73 fines.