Something I’ve noticed since the summer holidays came to an end: interest in GDPR-related training and discussions has dropped away. I’ve asked around why this might be. The most common type of response is “Sure that GDPR thing was a pile of scaremongering. Nothing has happened. It’s like that Y2K nonsense we had a few years back”. I keep having to remind people that the GDPR hasn’t gone away. The law went into force on the 25th of May. If there are going to be any investigations, leading to prosecutions and fines, these will take a little bit of time to come to a conclusion. I think we will start hearing about some of these before the end of the year in Ireland.
The first GDPR fine has been issued
The first GDPR fine in Europe has just been issued in Austria. Their data protection authority (DSB) has fined the owner of a business €4,800 for having a CCTV camera that was monitoring too large an area of the public footpath outside the premises. Large-scale monitoring of public places is not permitted for private individuals or businesses under GDPR. There was also inadequate signage for the camera. Anybody who comes to my training gets told that sign makers will be making fortunes out of the GDPR.
What was also notable in that report is that there are 36 post-GDPR fine proceedings pending with the DSB. So to reiterate – the GDPR hasn’t gone away, you know.
And the GDPR hasn’t gone away in Ireland either
We know that the Data Protection Commission (DPC) have a number of investigations underway. The most public is the Facebook data breach. That has only just happened, so don’t expect to hear much on that until sometime next year probably. But there are a number of other investigations with prosecutions pending with the DPC right now. Once these come to light, I think we shall see an increase in interest from businesses wanting to get compliant.
Quick update on a previous story
A quick update on a previous data breach story. This is the USB stick that got mislaid from Heathrow Airport in October 2017. The UK’s Information Commissioner’s Office (ICO) has just hit Heathrow Airport with a £120,000 fine for that breach. Now, the amount of personal data on that stick was limited enough. However, the ICO decided to hit harshly due to poor corporate standards and staff training, which led to the breach. This fine was brought under the old legislation, pre-GDPR. The maximum fine available under that law was £500,000. As the GDPR puts much more responsibility on companies to protect personal data, if they were to have the same thing happen now, they would get a much larger fine.
If there’s one takeaway from all of this – the GDPR hasn’t gone away. If you want to find out the type of training that I deliver, I’ve got my normal GDPR Awareness training and my ***ALL NEW*** GDPR Practical training is now available. Get in touch on info@L2CyberSecurity.com or call 087-436-2675 to discuss further.