When customers ask, "Can I have that?"

GDPR in Practice: Compliance and Fines

Mamnoon Hadi

Head of Analytics & Insights at Readdle

Case study: Google's 600,000 euros fine

Overview of the case$^1$:

In 2020, the Belgian Data Protection Authority (DPA) imposed a €600,000 fine on Google Belgium for failing to respect an individual's right to erasure (also known as the right to be forgotten), Article 17, and for lack of transparency in its request form to delist

Key facts:

  • The individual requested the deletion of personal data under the right to erasure, Article 17
  • Despite the request being legitimate, Google did not take action within the required time frame of 30 days and failed to inform the individual about the actions

$^1$ https://www.edpb.europa.eu

Lessons learned:

Take data subject rights seriously:

  • Failing to handle data subject requests transparently and within the required time frame can result in substantial fines and reputational damage

Transparency is key:

  • Effective communication with data subjects about the status of their requests is essential to avoid misunderstandings

 

Identify internal challenges to fulfilling rights

  • High volume of requests
  • Lack of clear internal processes
  • Confusion over legal requirements

Resolve these challenges through regular audits, clear internal policies, training, and effective communication systems

Impact of these violations

Financial impact:

While the €600,000 fine may seem small for Google, it represents a significant penalty for non-compliance with GDPR, especially for such a large company

Reputational damage:

The real cost lies in the loss of customer trust. Google's mishandling of personal data led to a public backlash, harming their brand image

Operational impact:

The case likely prompted internal policy & process changes at Google and other companies to ensure stricter adherence to GDPR's data subject rights

Takeaways

A lesson for all businesses:

  • Every organization must prioritize GDPR compliance, adopt transparent processes, and treat personal data with the utmost care to avoid legal, financial, and reputational consequences

Crucial action steps for compliance:

Let's practice!
