Since the General Data Protection Regulation (GDPR) came into force in May 2018, we have been in somewhat of a holding zone. The European Union (EU) was never going to issue a major fine in the first few months, preferring instead to give organisations the chance to fully ready themselves for GDPR and to err on the side of leniency.
But news this month (January 2019) that Google is to be fined 50 million euros by the French data regulator CNIL, for a breach of the EU’s data protection rules, signals that the holding pattern is over and the EU is ready to get tough with organisations found to be non-compliant with GDPR.
What are the consequences of Google’s GDPR penalty and what can be done if an organisation is still not GDPR-ready?