
GDPR Fines: Not Just for Big Tech Companies


A number of recent articles have lamented the lack of General Data Protection Regulation (“GDPR”) fines imposed for data privacy violations. While companies have been fined more than $500 million for GDPR violations, most of those fines have been levied against major multinational corporations like Google, Marriott and British Airways. It appears that an increase in enforcement is on the horizon, as Ireland’s child and family agency Tusla was recently fined €75,000 for three GDPR violations.

 

The background

Tusla is an Irish organization that is responsible for improving the well-being and outcomes for children. The agency was fined €75,000 following an investigation into three cases where information about children was wrongly disclosed to unauthorized parties. In one case, Tusla disclosed the contact and location data of a mother and child victim to an alleged abuser. In two other cases, Tusla disclosed data about children in foster care to blood relatives, one of whom was an imprisoned father. Tusla is not contesting the fine. Helen Dixon, the Commissioner of Ireland’s Data Protection Commission (“DPC”), stated that human error and a lack of adequate compliance mechanisms caused the violations.

 

Why it’s important

Tusla is not a global corporation; it’s an organization whose mission is to protect children in Ireland. While many fines levied thus far have been against tech companies or big corporations, governing jurisdictions are increasing enforcement, and if your company is out of compliance, you could face significant financial penalties. It’s important to know that Tusla self-reported the incidents in question to the DPC; had it not done so, the fine would likely have been higher. As additional data privacy regulations such as the California Consumer Privacy Act (“CCPA”) are implemented and enforced (CCPA enforcement starts July 1, 2020), noncompliant organizations could be subject to penalties in multiple jurisdictions.

 

What you can do to avoid GDPR fines

Getting your company compliant with data privacy laws is very important, and Clym can help. We offer a cost-effective, easy-to-use compliance platform that can get your website compliant immediately. Click here to book a demo with one of our specialists today.