GDPR One Year Later: A Data Privacy Retrospective

On May 25, 2018 the EU’s GDPR went into effect. This was, by far, the most aggressive and sweeping privacy law the world had seen in years. New requirements including: a) responding to individual rights requests within 30 days unless certain criteria are met, and b) filing with regulators within 72 hours of a personal data breach, were just a couple of the most pressing obligations companies are required to address. 
 
Over the last year, fines have been wide-ranging and have varied from country to country. Companies of all sizes across different industries have been caught in the crosshairs of the regulators, including but not limited to:

 
ADV_CCPA_GDPR-one-year-later_5-19_icons_knuddels.png Knuddels.de

Fined €20,000 (~$22,500) by the German Data Protection Authority (DPA) following a breach that exposed personal information of 330,000 users, including passwords and email addresses
   
ADV_CCPA_GDPR-one-year-later_5-19_icons_facebook.png

Facebook

Fined £500,000 (~$652,000) by the UK’s Information Commissioner Office (ICO) for the Cambridge Analytica scandal, which allowed illicit access to personal data of 87 million users.
   
ADV_CCPA_GDPR-one-year-later_5-19_icons_britishtelecom.png

British Telecommunications

Fined £77,000 (~$100,000) by the UK’s ICO for sending approximately 5 million unsolicited marketing emails. 
   
ADV_CCPA_GDPR-one-year-later_5-19_icons_google.png

Google

Fined €50 million (~$57 million) by the French Commission Nationale de l’informatique et des Libertés (CNIL) for not properly disclosing to users how data was collected across its services to provide personalized advertisements.
   
ADV_CCPA_GDPR-one-year-later_5-19_icons_yahoo.png

Yahoo!

Fined £250,000 ($326,000) by the UK’s ICO for an attack that took place in 2014 where contact information and passwords of 500 million users were exposed.
   
ADV_CCPA_GDPR-one-year-later_5-19_icons_equifax.png

Equifax

Fined £500,000 (~$652,000) by the UK’s ICO for a 2017 breach that allowed hackers to steal sensitive financial information from approximately 15 million users.
 

Please see our latest insight to review what actions companies are taking to improve their data governance and privacy compliance programs, as well as what they are doing to prepare for the influx of new privacy regulations, including California Consumer Privacy Act.

Related Resources

Article

2024 BDO Board Survey

October 22, 2024
Article

2024 BDO Board Survey

October 22, 2024

Board directors are preparing for 2025 with an eye toward capturing new opportunities through technology and enhancing risk management. BDO recently polled approximately 250 directors at public companies to identify their areas of focus for the year ahead.

Read More

Article

Building a Culture of Transparency: SOX Compliance Tips for the C-Suite

October 21, 2024
Article

Building a Culture of Transparency: SOX Compliance Tips for the C-Suite

October 21, 2024

The C-Suite is held to stringent requirements imposed by the intricate provisions of the Sarbanes-Oxley Act of 2002 (SOX), making transparency and accountability essential components of corporate governance.

Read More

Article

2024 Audit Innovation Survey

October 7, 2024
Article

2024 Audit Innovation Survey

October 7, 2024

BDO’s Audit Innovation Survey underscores the importance of auditors leveraging technology to meet client demand, while critically understanding that technology cannot replace professional skepticism — a hallmark of an auditor’s role that remains essential to preserving trust in capital markets.

Read More

Article

From AI to IA: An Internal Audit Guide to Artificial Intelligence

September 17, 2024
Article

From AI to IA: An Internal Audit Guide to Artificial Intelligence

September 17, 2024

Internal audit holds the critical role of enacting those controls and establishing parameters so that the organization can reap AI’s benefits while mitigating its inherent risks.

Read More