GDPR: What’s happened over the last year?

Revealed: The big businesses that got fined…

BrightHR Team

Do you remember the build-up to GDPR?

The long nights trying to get your business ready for the new law? The endless rewrites of your privacy policy?

Well, it was all worth it. Why?

Because you didn’t fail and pay the price, unlike these companies…

Who got fined?

The Information Commissioner’s Office (ICO) dished out many fines over the past year. But none have been close to the maximum penalties of either €20 million or 4% of annual turnover.

The ICO fined Vote Leave Limited £40,000 for sending out thousands of uninvited text messages in the lead up to the 2016 EU Referendum.

While “GoSkippy insurance” got a £60,000 fine for sending marketing emails without the right consent. But that’s nothing compared to the European fines…

The French regulator CNIL fined Google €50 million (around £44m) for not giving enough information to customers about how it was collecting personal data and using it for advertising.

And the Danish Data Protection Agency fined a taxi company £220,000 for keeping nine million personal records that they didn’t need or use.

Were there any data breaches?

None that made the news. In fact, cautious employers may have been over-reporting data breaches to the ICO over the past year. 

Only a small amount of GDPR fines have been because of data breaches. The ICO handled 1,468 breach cases between May 2018 and March 2019, but only penalised 29 businesses.

So, the first year was fairly quiet then?

You might think so. But think again…

The ICO still fined big businesses thousands of pounds for failing to follow GDPR. And while they’ll probably recover, would you?

Don’t risk it. Check your business is GDPR compliant by downloading our free checklist.