GDPR Revisited

Many have heard about the French data regulator CNIL imposing a $57 million (€50 million) fine on Google for violating the General Data Protection Regulation (GDPR), specifically for failing to make its data collection policies easily accessible while also failing to obtain sufficient and specific consent for ad personalization across its services. This comes as the first major GDPR violation since its inception in May of 2018. CNIL indicates that Google’s approach to gathering personal data makes it hard for users to understand what data is being collected and sold, while not being transparent in the ability to opt out.

Although this is not the first fine imposed for violating GDPR, it is by far the largest. In December, a Portuguese hospital was fined €400,000 after its staff permitted unauthorized access to patient records, while a German social media and chat service was fined €20,000 in November for storing passwords in plain text.

Lessons Learned?

Will there be a change to the privacy policies and settings from providers such as Google, or will it change the user experience of such services? According to CNIL, these violations are yet to be remediated, and after all, the fine represents less than three hours of Google’s revenue. Will organizations continue to assess and mitigate risks related to the consent, privacy and protection of EU personal data, or will they be willing to accept the risk of being breached and/or face the fines for noncompliance with GDPR?

What’s Next

GDPR is not going away, and it is only a matter of time before additional privacy regulations are adopted domestically and internationally.

If you have any questions related to the GDPR or the privacy and protection of data, please visit our GDPR Compliance page.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2021 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on

IRS Updates Guidance for Filing Delinquent International Information Return
Treasury Releases Proposed and Final Foreign Tax Credit Regulations
OMB Releases Holiday Present
Consolidated Appropriations Act – 501(c)(6) Organizations Qualify for PPP Funding
PPP Recipients Now Eligible for the Employee Retention Credit!
What Is in the Second Round of Stimulus for Nonprofits?

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office

One PPG Place, Suite 1700
Pittsburgh, PA 15222
p:412.261.3644     f:412.261.4876

Map of Columbus Office

65 East State Street, Suite 2000
Columbus, OH 43215
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102