When you see companies like WhatsApp getting brought to task by the data protection authorities and their parent company Facebook getting sued for billions by guys like privacy campaigner Max Schrems, you might be inclined to think that the consequences of GDPR is only for the big guys.

They’ve got bigger fish to fry you might think, they’ll never bother about me.

Well, that would be a mistake…

Just recently the French data protection authorities took a very hard and public line on two small start-ups. Check out this piece here.

Here’s an interesting quote from the piece:

As recently as February, the CNIL (the French Data Protection Authority) said it’s not looking to sanction companies making an in-good-faith effort at GDPR compliance. For the first few months, cooperation and diligence were enough to satisfy the CNIL.

This would seem to make sense and be the approach that you would expect from a regulator in this new, developing environment.

And yet, they still chose to make an example of these two.

But consider this quote from the article too:

Once the GDPR has had a little more time to percolate, companies should expect less latitude from regulators. Warnings could turn into fines for those that don’t comply or at least make a genuine attempt.

This seems hard to argue with, and whatever about the perceived inconsistencies in the messaging that may have emanated from regulators in the past, actions speak louder than words.

However, the really important thing is genuine action towards good faith compliance.

And to get your article 27 representation in the EU taken care of today, you can take action right here.


Flor McCarthy
Flor McCarthy

Flor McCarthy is one of Ireland’s leading lawyers and a recognised expert in marketing. He has particular expertise and hands-on practical experience in privacy, data protection and GDPR issues for marketers.