The French National Data Protection Commission (CNIL) fined Google 50 million Euro yesterday for failing to explain its data protection policies properly and failing to get users consent for data processing and ad personalization. This is the largest single fine under the General Data Protection Regulation (GDPR) to date.
The United States is rapidly adopting the GDPR in whole measure. In 2018 multiple states following the passage of the GDPR enhanced their regulations. The most comprehensive and strongest is the California Consumer Privacy Act of 2018. Others include Alabama SB318, Arizona HB 2145, Colorado HB 118, Iowa HF 2354, Louisiana Act # 382, Nebraska LB 757, Oregon SB 1551, South Carolina H4655, South Dakota SB 62, Vermont H764 and Virginia HB 183. Every state has enhancing regulations with increasing enforcement.
CNIL stated that the fine was issued because Google failed to provide enough information to users about its data consent policies and did not give them enough control over their own information utilization. Under the GDPR, companies are required to obtain “genuine consent” before collecting information. This mandates that consent is done in an explicit process where it is easy for individuals to withdraw.
The 50 million Euro fine is not the largest that could have been sanctioned. The maximum fine is four percent of annual gross revenue. This means that Google could have been fined upwards of 6 Billion Euros. It is critical to understand that all companies face similar rulings under the GDPR.
The GDPR is blind to size of company. It is universally applicable and therefore all companies that have requirements under the GDPR must be prepared and knowledgeable.
It is the mission of CSR to provide this level of knowledge and expertise to the small and medium size business (SMB) community in a cost sensitive environment. We alone are committed to the SMB population as we believe that they are the bedrock of our economic health. The regulations are confusing, complicated and continuously evolving. CSR’s flagship offering of Readiness PRO is designed and proven to allow the SMB to meet these demands and more.