The recent 50-million-euro fine issued to Google by the French supervisory authority CNIL is one of the first, if not THE first, where the GDPR’s punitive mechanism was put into practice. So what conclusions do organizations and privacy professionals need to draw from the fine?
While Google’s parent company, Alphabet, is headquartered in Ireland, this first fine was issued by the French CNIL. This clearly underlines the EU-wide character and applicability of the GDPR and puts the ramifications this law will have into perspective. With Google being fined for not properly capturing consent and not properly informing users what type of personal data is gathered and how it is processed, the importance for organizations of properly capturing consent and implementing transparency mechanisms has become evident.
Another lesson that can be learned from this fine is that the initial skepticism that reigned in certain US circles about the applicability and influence of the GDPR on US companies has turned out to be unfounded. In our highly globalized and digitized world, the GDPR affects many companies worldwide, not least because of the attractiveness of the EU’s single market.
With consumers, and now EU supervisory authorities, showing ever more interest in how companies respect consumer data privacy, it has become more essential than ever to be able to show compliance with privacy laws (like the GDPR). This compliance is a direct investment in both brand perception and consumer confidence, as well as a way to avoid unnecessary legal exposure.
US-based organizations should always consider proper, GDPR-proof arrangements before engaging with the EU marketplace. Take our assessment to see if the GDPR applies to your activities in the EU: https://www.repgdprcranium.eu/
Author: Djamel Becherif, MSc.