The French National Data Protection Commission (CNIL) fined Google 50 million Euro on January 22nd. This is the largest General Data Protection Regulation (GDPR) fine yet.
The fine was for failing 1) to explain data protection policies and 2) to gain users permission for data processing. The GDPR, requires companies to obtain “genuine consent” before collecting information. This means that consent is done in an obvious manner where it is easy for individuals to withdraw or say no to companies like Google.
This fine is just the start. Under GDPR a company faces a maximum fine of 4% of its annual gross revenue. For Example Google’s maximum fine would be roughly 6 billion Euros.
The GDPR applies to all companies regardless of size if they have EU citizens as customers . Companies need to be GDPR compliant or could face a fine.
GDPR coming to America
GDPR fines are causing US States to change their privacy laws, while no national privacy law exists yet, each state has updated its privacy laws recently. In 2018 several states passed new data privacy laws after the GDPR became effective. The strongest new law is the California Consumer Privacy Act of 2018. However other States such as Alabama SB318, Arizona HB 2145, Colorado HB 118, Iowa HF 2354, Louisiana Act # 382 have all passed laws.
CSR’s provides data privacy knowledge and expertise to the small and medium size business (SMB) community with an affordable program. We believe SMBs are the bedrock of our economic health. Privacy laws are confusing, complicated and convoluted. CSR’s Readiness PRO is designed to allow the SMB to meet these demands and more.