GDPR Revisited

Many have heard about the French data regulator CNIL imposing a $57 million (€50 million) fine on Google for violating the General Data Protection Regulation (GDPR), specifically for failing to make its data collection policies easily accessible while also failing to obtain sufficient and specific consent for ad personalization across its services. This comes as the first major GDPR violation since its inception in May of 2018. CNIL indicates that Google’s approach to gathering personal data makes it hard for users to understand what data is being collected and sold, while not being transparent in the ability to opt out.

Although this is not the first fine imposed for violating GDPR, it is by far the largest. In December, a Portuguese hospital was fined €400,000 after its staff permitted unauthorized access to patient records, while a German social media and chat service was fined €20,000 in November for storing passwords in plain text.

Lessons Learned?

Will there be a change to the privacy policies and settings from providers such as Google, or will it change the user experience of such services? According to CNIL, these violations are yet to be remediated, and after all, the fine represents less than three hours of Google’s revenue. Will organizations continue to assess and mitigate risks related to the consent, privacy and protection of EU personal data, or will they be willing to accept the risk of being breached and/or face the fines for noncompliance with GDPR?

What’s Next

GDPR is not going away, and it is only a matter of time before additional privacy regulations are adopted domestically and internationally.

If you have any questions related to the GDPR or the privacy and protection of data, please visit our GDPR Compliance page.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
How Should SaaS Companies Account for their Capitalized Software Costs?
Form 1023-EZ Under Scrutiny
New Year’s Resolution: Strengthen Up!
Shared Assessment SIG Questionnaire – What’s New for 2023?
5 Key Indicators Your Processes Need Digital Transformation
5 Key Indicators Your Human Capital Needs Digital Transformation
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.