GDPR Revisited

Many have heard about the French data regulator CNIL imposing a $57 million (€50 million) fine on Google for violating the General Data Protection Regulation (GDPR), specifically for failing to make its data collection policies easily accessible while also failing to obtain sufficient and specific consent for ad personalization across its services. This comes as the first major GDPR violation since its inception in May of 2018. CNIL indicates that Google’s approach to gathering personal data makes it hard for users to understand what data is being collected and sold, while not being transparent in the ability to opt out.

Although this is not the first fine imposed for violating GDPR, it is by far the largest. In December, a Portuguese hospital was fined €400,000 after its staff permitted unauthorized access to patient records, while a German social media and chat service was fined €20,000 in November for storing passwords in plain text.

Lessons Learned?

Will there be a change to the privacy policies and settings from providers such as Google, or will it change the user experience of such services? According to CNIL, these violations are yet to be remediated, and after all, the fine represents less than three hours of Google’s revenue. Will organizations continue to assess and mitigate risks related to the consent, privacy and protection of EU personal data, or will they be willing to accept the risk of being breached and/or face the fines for noncompliance with GDPR?

What’s Next

GDPR is not going away, and it is only a matter of time before additional privacy regulations are adopted domestically and internationally.

If you have any questions related to the GDPR or the privacy and protection of data, please visit our GDPR Compliance page.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2019 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on

ACFE releases Anti-Fraud Technology Benchmarking Report
Is Your Nonprofit Organization at Risk of Falling Into the Starvation Cycle?
Due to Feedback, IRS is Brainstorming Other Ways to Calculate the Tax on Parking
2019 Compliance Supplement
Exempt private schools offered new option to display nondiscriminatory policy
National Flood Insurance Program Extension

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office
Pittsburgh

One PPG Place, Suite 1700
Pittsburgh, PA 15222

contactsd@schneiderdowns.com
p:412.261.3644     f:412.261.4876

Map of Columbus Office
Columbus

65 East State Street, Suite 2000
Columbus, OH 43215

contactsd@schneiderdowns.com
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102