France Upholds GDPR with Fine to Google
The General Data Protection Regulation (“GDPR”), which went into effect in May 2018, is a regulation related to data protection and privacy for all individuals within the European Union (“EU”). It also addresses the export of personal data outside the EU, including to the U.S., so many U.S. companies storing, processing or transmitting EU citizen data must comply. GDPR promised potential fines for those not in compliance. Well, news broke this week that the promise has been kept.
France’s data protection watchdog, Commission Nationale de l’Informatique et des Libertés (“CNIL”), has fined Google a record $57 million for failing to provide users with transparent and understandable information on its data use policies. It is the first time that the CNIL has fined any company under GDPR, but it surely will not be the last. While this is the first time Google has been fined under GDPR, it looks as if it will be the first of many, and is the largest fine to date. Now that the dam has broken and fines have begun, others are soon to follow.
Chances are you are not Google. We get it. However, whether you are a “Controller” or “Processor” (or both) of EU citizen data, compliance is required and often expected when doing business in the EU. Companies meeting these requirements now, or looking at expanding operations to the EU, should review their current security, privacy and compliance strategies to ensure they are prepared to meet GDPR. Our Risk Advisory Services group is here to help. We offer a number of services around GDPR privacy and security, including:
- Awareness & Education of Key Stakeholders
- Readiness Review
- Inventory and Mapping Data
- Compliance Evaluation
Additional information can be found on our webinar and flyer. Feel free to contact Neal Beggan or your Cherry Bekaert professional if you have questions or concerns about GDPR and how you can ensure compliance.