
Steps to stay in compliance with the European Union's GDPR.

Enterprise Security Magazine | Thursday, January 06, 2022

The seriousness of breaching privacy terms of the European Union’s GDPR and how organizations can avoid such hefty fines.

FREMONT, CA: Many firms are asking how they can avoid compliance violations after an 888 million dollar fine was levied on Amazon for suspected privacy violations of the European Union's General Data Protection Regulation (GDPR). According to Bloomberg, the case concentrates on how Amazon gathers and utilizes personal data related to the internet giant's EU headquarters in Luxembourg. The penalty suggested by the Luxembourg National Data Protection Commission (CNPD) for Amazon exceeds the highest GDPR charge to date. In another instance, a 56.8 million dollar fine was levied on Google in France for its data-consent policy.

Marc Lemmer, a commissioner at the Luxembourg data protection agency, told Politico in February that the organization was not concerned with big fines. Lemmer explained that the goal is not to have harsh penalties but to alter the culture. GDPR, which was adopted by the EU in April 2016 and went into effect in May 2018, intends to offer individuals greater control over how firms manage their personal data. Multiple fines were imposed on big tech in 2020 as a result of GDPR; the 625 known fines imposed up to May 2021 totaled 283 million dollars in penalties.

Among the 26 other national authorities in the bloc, the CNPD documented a draft decision and presented a fine for GDPR breaches. This proposed punishment offers firms a learning opportunity on how to avoid such large penalties resulting from privacy breaches, as there are several fines with larger dollar amounts: fines can reach up to 4 percent of a company's annual revenue, which is the maximum allowed under the GDPR.

Organizations can follow the four steps below to reduce the risk of privacy fines under GDPR. First, maintain accountability by keeping a record of processing operations and documenting every step taken and anything one believes is significant in the data processing activities. Next, keep the privacy team informed about the development of new goods and services. Third, always document compliance, as it helps demonstrate on an ongoing basis how you comply. Lastly, coordinate, collaborate, and maintain good terms with regulators, which will help reduce the risk of hefty fines.