Data Privacy & Security Recap: July 2019 Edition

This month we take a look at the latest trending headlines related to data privacy and security.

GDPR Penalties and Fines

Since the General Data Protection Regulation (GDPR) came into effect last year on May 25, focus on data security has increased worldwide. In the past year, the European Commission has displayed seriousness towards GDPR implementation by imposing fines totaling more than €56 million across 91 companies, including €50 million against a single organization.

Here’s a look at some of the most prominent and the biggest fines imposed upon businesses for violating the GDPR.

British Airways

Earlier this month British Airways was fined $230 million, which is roughly 1.5% of the carrier’s annual revenue when the personal information of approximately 500,000 customers got compromised. Termed as the largest penalty under the GDPR, the UK-based carrier will be fighting the penalty. Read more at CNN

La Liga

In Spain, the national data protection agency (AEPD) imposed a 250,000 euros ($283,000) fine on the country’s soccer league La Liga. The fine was in response to Spain’s top professional football division illegal use of its mobile app to detect the bars that screen football matches without paying. For details, read more at World Intellectual Property Review

Sergic

Meanwhile, the French data protection regulator accused the real estate provider Sergic of violating the GDPR norms. According to the French DPA, certain key documents (comprising individuals’ identity cards, tax notices, account statements etc) could be accessed on Sergic’s site by modifying its URL. The France-based watchdog CNIL imposed €400,000 fine considering the seriousness of the breach, sensitivity of the documents and the entity’s size. To know in detail how Sergic failed to adhere by the GDPR norms, read more at Socially Aware Blog

Struggling with Data Privacy

The sheer size of the imposed penalties indicates regulatory bodies are not shying away from imposing fines when customer data is compromised. It’s true that when companies use third parties to process customer data, chances of security breach go up. However, some entities are unknowingly not complying with the GDPR like the King’s College London’s (KCL). In an independent investigation, it was found that the University breached the EU’s General Data Protection Regulation (GDPR), and its own data protection policy when it shared the sensitive personal data of students and staff with the Metropolitan Police. To understand the depth of the breach, read more at The Register

In another incident, it was found that a contractor hired by Customs and Border Protection (CBP) violated the privacy protocol when it transferred copies of license plate images and traveler images. Reports suggest that at least 50k American license plate numbers are available on dark web due to this security lapse. To know more about it, read at WBAL-TV 11

The first anniversary of GDPR also witnessed the Belgian Data Protection Authority’s decision to issue its first fine. Worth EUR 2,000, the fine was imposed on a local politician who abused the email addresses of citizens for elections. So, here’s what happened Lexology

Dataguise, a leader in the data privacy and security space for over a decade, is committed bringing you the latest trending stories and articles. We hope you find our monthly recap useful, and if you’d like to learn more about how Dataguise helps enterprises worldwide locate, identify, protect, and monitor the privacy of their sensitive personal data, contact us any time for more information or to set up a free product demo.

Solution Brief: Privacy and Security, Together for Greater Trust