Northdoor comment:
Data commission issues largest fine for a GDPR breach
Under the European Union’s data protection laws, GDPR, Amazon has been hit with a huge fine. The unprecedented fine, issued by Luxembourg’s National Commission for Data Protection, is related to how the tech giant processes personal identifiable data.
It’s unclear what Amazon has been fined for, despite the headline-grabbing sum. There is no indication that there has been a criminal breach or that data has gone missing. Rather, the fine appears to relate to how data is processed internally. This noteworthy move marks a real line in the sand for companies across Europe.
How this differs from previous data breach fines
Many of the high-profile fines issued around GDPR so far have related directly to data breaches where criminals have gained access to customer data through poor practice, individual mistakes or a cybercrime victim. Where the Amazon fine appears to differ is that there has been no criminal breach.
Google, BA, H&M and Marriott Hotels have all been fined significant amounts since the regulations were introduced in 2018. However, no fines have reached the hundreds of millions. With inconsistent GDPR compliance across the EU, this fine has helped to expose the cracks in regulation adherence.
The size of the fine also suggests that the issues identified at Amazon – whatever they may be – have been prolonged and significant. It’s too soon to say whether the fine will be enforced, but since receiving the penalty, Amazon has robustly defended itself. Nevertheless, it sends a strong message to companies who knowingly flout GDPR rules, or are choosing to ignore the consequences of inaction.
The risk of non-compliance
In 2018 GDPR was introduced with great fanfare; as a result companies scrambled to ensure that they were compliant for the months around the launch.
Now, companies have to refine their data processing internal systems to adhere to General Data Protection Regulation. If they don’t, businesses could potentially face huge fines, damaged reputation and loss of revenue. With data commissions across the EU tightening up on targeting non-compliant businesses, getting internal data processing right is imperative.
Amazon’s record fine shows that Big Tech needs to take non-compliance of GDPR seriously or face heavy financial and reputational losses. Click To TweetIndustrialise the GDPR process
Companies that have yet to become compliant, or even those that believe that they are compliant but are not keeping up with data discovery and Subject Access Requests, need to quickly get up to speed.
By industrialising the GDPR process within your business, you can ensure that you become and remain compliant. Adherence to GDPR is only the start of the process, not the conclusion. Once robust internal processes are in place, companies need to execute their policies and best practices on a day-to-day basis. This will see the processes embedded as business-as-usual practices, so that they become a near-invisible, highly automated machine. Streamlining your business’ GDPR processes will, in turn, enable internal personnel to focus on core business issues.