You’ve most likely heard the recent news about Google receiving a hefty €50 million fine for failing to comply with the GDPR standards. But what are the implications of this incident?
This is officially the largest GDPR fine yet. Even though the GDPR only came into force in May 2018, the French regulator (CNIL) is now making a statement by enforcing the law for the first time on a major technology giant. This act shows Europe and the rest of the world that it is time to take GDPR seriously, otherwise… well, you can see what happened to Google.
And yet, according to a recent survey from the International Association of Privacy Professionals (IAPP), fewer than half of the participants have reported being fully compliant with GDPR. As shocking as it may sound, the reason behind it is that becoming compliant is a highly complex endeavor. It requires a substantial amount of resources, both for setting up internal processes and for modifying technologies for compliance.
It turns out that in Google’s case, the company was accused of a lack of transparency and consent. According to TechCrunch, the regulator reports that “essential information, such as the data processing purposes, the data storage periods or the categories of personal data used for the ads personalization, are excessively disseminated across several documents, with buttons and links on which it is required to click to access complementary information.”
For example, it takes 5 or 6 taps for a user to find out how their data is being processed to personalize ads, which the regulator deemed unreasonably long. This suggests that Google did have the technical capabilities to share the processing records with its customers, but didn’t make them accessible enough. It seems that Google was punished mainly for poorly adapted internal processes, and not so much for a lack of technical means.
Now just imagine if they didn’t have the technical capabilities to provide their customers with records of processing and other GDPR requirements at all — their fine could’ve been much larger. Unfortunately, this is the case for thousands of companies that are required to comply with the European legislation. We, at SecuPi, aim to help you avoid this next big fine by making your applications and systems GDPR compliant within days and with no code changes.