July 23, 2019

Data Privacy and Security Recap: July 2019 Edition

PKWARE

This month we take a look at the latest trending headlines related to data privacy and security.

GDPR Penalties and Fines

Since the General Data Protection Regulation (GDPR) went into effect last year on May 25, focus on data security has increased worldwide. In the past year, the European Commission has displayed seriousness towards GDPR implementation by imposing fines totaling more than €56 million across 91 companies, including €50 million against a single organization.

Here’s a look at some of the most prominent and the biggest fines imposed upon businesses for violating the GDPR.

British Airways
Earlier this month, British Airways was fined $230 million, which is roughly 1.5 percent of the carrier’s annual revenue when the personal information of approximately 500,000 customers got compromised. Termed as the largest penalty under the GDPR, the UK-based carrier will be fighting the penalty. Read more at CNN.

La Liga
In Spain, the national data protection agency (AEPD) imposed a 250,000 euros ($283,000) fine on the country’s soccer league La Liga. The fine was in response to Spain’s top professional football division illegal use of its mobile app to detect the bars that screen football matches without paying. For details, read more at World Intellectual Property Review.

Sergic
Meanwhile, the French data protection regulator accused the real estate provider Sergic of violating the GDPR norms. According to the French DPA, certain key documents (including individuals’ identity cards, tax notices, and account statements ) could be accessed on Sergic’s site by modifying its URL. The France-based watchdog CNIL imposed €400,000 fine considering the seriousness of the breach, sensitivity of the documents, and the entity’s size. To know in detail how Sergic failed to adhere by the GDPR norms, read more at Socially Aware Blog.

Struggling with Data Privacy

The sheer size of the imposed penalties indicates regulatory bodies are not shying away from imposing fines when customer data is compromised. It’s true that when companies use third parties to process customer data, chances of security breach go up. However, some entities are unknowingly not complying with the GDPR, like the King’s College London’s (KCL). In an independent investigation, it was found that the University breached the EU’s General Data Protection Regulation (GDPR), and its own data protection policy when it shared the sensitive personal data of students and staff with the Metropolitan Police. To understand the depth of the breach, read more at The Register.

In another incident, it was found that a contractor hired by Customs and Border Protection (CBP) violated the privacy protocol when it transferred copies of license plate images and traveler images. Reports suggest that at least 50k American license plate numbers are available on dark web due to this security lapse. To learn more about it, read at WBAL-TV 11.

The first anniversary of GDPR also witnessed the Belgian Data Protection Authority’s decision to issue its first fine. Worth EUR 2,000, the fine was imposed on a local politician who abused the email addresses of citizens for elections. Read what happened at Lexology.

PKWARE helps enterprises worldwide locate, identify, protect, and monitor the privacy of their sensitive personal data. Find out how with a free demo.

Share on social media
  • Data Retention: Aligning Data Protection Strategies with Compliance Requirements
    Ben Meyers March 13, 2024
  • Data Breach Report: March 2024
    PKWARE March 8, 2024
  • PCI DSS 4.0 Compliance: Safeguarding the Future of Payment Security
    PKWARE February 22, 2024
  • Data Breach Report: February 2024
    PKWARE February 15, 2024