Cross-border transfers: data on vacation

GDPR in Practice: Compliance and Fines

Mamnoon Hadi

Head of Analytics & Insights at Readdle

Understanding cross-border data transfers

GDPR regulates the transfer of personal data outside the EU to ensure data protection standards are maintained
Key mechanisms include:
- Standard Contractual Clauses (SCC)
- Adequacy Decisions
- Binding Corporate Rules (BCRs)
Risks of non-compliance: hefty fines and reputational damage

Case study: Meta GDPR violation

Background$^1$: Meta's reliance on SCCs for transferring EU user data to the US

Issue: US surveillance laws clashed with GDPR principles

Key Event: Schrems II ruling invalidated the Privacy Shield framework in 2020. Meta continued transfers without adequate safeguards, leading to a record fine in 2023

Outcome: €1.2 billion fine imposed by the Irish Data Protection Commission. Ordered to suspend future transfers and delete existing EU user data in the US

¹ www.farrer.co.uk

Case study: lessons learned

Treat SCCs like a GDPR passport - build in safeguards when transferring data internationally
Stay updated on legal changes - proactive compliance saves costs and risk
Privacy-by-design isn't a buzzword - it's protection for the future

Impact of violations

Financial impact:

Record-breaking fines (€1.2 billion in Meta's case)

Operational disruption:

Suspension or reorganization of data flows

Reputational damage:

Erosion of consumer trust and global credibility

Regulatory scrutiny:

Increased audits and potential sanctions for other violations

Key takeaways and conclusion

Use GDPR-approved mechanisms like SCCs or rely on Adequacy Decisions
Regularly audit and update data transfer practices to reflect legal developments
Implement robust privacy and data protection measures
Non-compliance isn't worth the risk-stay proactive to avoid fines and disruptions

Closing note:

GDPR compliance isn't just a legal obligation; it's a commitment to protecting user trust and data privacy globally

Let's practice!

GDPR in Practice: Compliance and Fines