Are you GDPR compliant?
This week has seen the tech giant Google become the latest company to receive a hefty fine for failing to comply with its obligations under the General Data Protection Regulation (‘GDPR’).
In May 2018, French privacy rights groups NOYB and La Quadrature du Net filed their complaints with the French regulator, CNIL. The first complaint was received on the day the Regulation took effect, meaning Google had to have implemented adequate technical and organisational measures from day 1.
CNIL found, amongst other matters, that Google had failed to obtain clear consent to process personal data and a valid legal basis for processing user data for advert personalisation. The immediate financial cost to Google – £44m! There will also likely be reputational damage and loss of trust amongst users of its services.
The implementation of GDPR has resulted in an increased awareness amongst data subjects of the value of their personal data. There is therefore a growing expectation amongst data subjects that businesses, in particular those businesses within the tech industry obtaining a lot of personal data, will ensure compliance with their obligations under GDPR in respect of how they obtain, process, use and store that data. Notably, Amazon, Apple, Netflix and Spotify all face accusations of breaching GDPR.
There has, however, been a growing response to data subjects’ expectations within the tech industry, with many SaaS providers, providers of cloud services and hosting platforms not only seeking to ensure compliance with GDPR, but also voluntarily subscribing to Codes of Conduct such as the EU Cloud Code of Conduct. These codes go above and beyond the minimum requirements set out in GDPR and are a means by which a company can benchmark itself. The result is an increased perception of reliability and trustworthiness amongst their users.
The lesson here – don’t be like Google. Irrespective of your sector, ensure your business is compliant with GDPR and that where possible you go above and beyond the minimum required standards.
Our business team can produce or help you review privacy notices, cookies policies, data processing agreements and aspects of data protection within commercial contracts.
If you would like to discuss any aspect of data protection further, please contact:
Jonathan Kerr, Solicitor in the Business Team:
T: 01756 700200