Actions for breach of the GDPR:
On 21 January 2019 the largest sanction to date was imposed under the GDPR by the French authorities. A fine of 50 million euros was imposed against Google LLC for lack of transparency, inadequate information and lack of valid consent regarding personalisation of advertisements. The French Data Protection Authority (FDPA) determined that the information provided by Google was not easily accessible for users, with some information not clear or comprehensive. The FDPA found that the purposes of processing were often described in too generic and vague a manner, the legal basis for processing was not made clear and information about the retention period was not always provided. The FDPA consider that the amount of the fine was justified by the severity of the infringements, particularly as they were continuous and not merely intermittent.
Other actions taken under the GDPR:
- In October 2018 the Austrian DPA imposed the first-known fine under the GDPR for illegal video surveillance activities, charging the infringing company €4,800.
- In November 2018 a social media company was fined €20,000 in Germany for failing to meet its GDPR obligations in relation to security. The fine was minimal however due to the company’s subsequent cooperation with the authority.
- The Portuguese authority (CNPD) imposed a €400,000 fine on a hospital after a data breach in December 2018.
The first ICO decision under the GDPR is still awaited and is likely to attract a great deal of attention in the UK, particularly if it isn’t against a multi-national giant and can be used to gain some insight into how the ICO will be assessing the level of penalties.
Whilst the level of the fine Google LLC received is unlikely to be replicated in an action in the UK against a club for a breach of data protection, it is nevertheless a reminder of the importance of ensuring your club’s continued compliance with the GDPR.
We are pleased to have worked with Gallagher, the RYA partnered insurance broker, to ensure the delivery of a cyber insurance policy for Clubs and Class Associations, providing cover for a range of data breaches including civil fines and penalties, details of which are provided in the Gallagher article “Crime is changing….” in this month’s Club Room. General information on Gallagher insurance cover can be found on our website Gallagher Summary of Cover.
Find books for your course at the RYA Shop
Our handy guide shows the books & DVDs that go with your course!