GDPR in Practice: Compliance and Fines
Mamnoon Hadi
Head of Analytics & Insights, Readdle
What you will learn:
What is GDPR and what are its principles?
Who does it apply to?
Why does it matter?
Year: 2018
Compromised data: British Airways suffered a breach, exposing personal and financial data of 400,000+ customers
Failure: the ICO found that British Airways, as the data controller, had not implemented adequate security measures to protect customer data, which ultimately led to the breach
Role: British Airways is a Data Controller: it decides how and why customer data is used, and so carries the more stringent duties. A Data Processor (for example, payment providers such as Stripe or PayPal) handles the data on the controller's behalf and on its instructions.
Violation: failure to meet GDPR's integrity and confidentiality (security) obligations, i.e. the Article 5(1)(f) principle and the Article 32 duty to implement appropriate technical and organisational measures
- Regulatory consequences: enforcement by Data Protection Authorities (DPAs), penalties up to 4% of global revenue
- Risk of legal action from affected individuals: BA's Passengers could sue after their personal & credit card info was exposed
- Financial penalties: GDPR allows fines of up to €20 million or 4% of global annual turnover, whichever is higher; BA was ultimately fined £20 million for something that was avoidable
- Reputational damage:
What did we all learn from BA?
Key lessons:
Proactive measures: