GDPR made its highly anticipated debut back in May of this year and, until recently, the Information Commissioner’s Office (“ICO”), who are in charge of enforcing the new regulations, had yet to issue any fines.
There had been a lot of speculation as to when the first fine would be issued and to whom, and now Facebook has been issued with the maximum fine of £500,000 under the terms of the Data Protection Act 1998. Under the terms of GDPR, companies must report data breaches to regulators within 72 hours, and failures to adequately protect information can result in fines of up to €20 million, or four percent of annual global turnover, whichever is higher.
The ICO has reported that, since the new rules came into effect, the regulator was receiving 500 calls a week reporting data breaches, but, despite this, it had yet to issue any fines.
Facebook are currently fighting fines and legal issues all over the world, as are other big tech giants like Google. The European Commission, the administrative arm of the European Union, levied a record fine of five billion dollars on Google for breaching the E.U.’s competition rules by, among other things, forcing cell-phone manufacturers to pre-install the firm’s search engine and Chrome Web browser on Android phones.
The General Data Protection Regulation (GDPR) is the biggest renewal and revamp by the EU of the current Data Protection Act and the most important change in data privacy in 20 years.
The new EU GDPR was designed to harmonise data privacy laws across Europe, to empower all EU citizens, and to reshape the way organisations obtain, store, process and share information. Strict rules mean companies will not be allowed to collect and use personal information without the consumer’s consent.
Before GDPR came into force, companies were able to hold your data, store it for as long as they liked and share it with other companies. For example, Facebook has a record on its site of every Like and click you make. They use this data to categorise people by class, political allegiance and spending power. This was thought of as an unfair advantage, and GDPR aimed to tip the balance between business interests and consumers’ and give the power back to the individual.