GDPR Compliance Is Not Just for the Big Guys

AUGUST 17, 2018

When you see companies like WhatsApp getting brought to task by the data protection authorities and their parent company Facebook getting sued for billions by guys like privacy campaigner Max Schrems, you might be inclined to think that the consequences of GDPR is only for the big guys.

They’ve got bigger fish to fry you might think, they’ll never bother about me.

Well, that would be a mistake…

Just recently the French data protection authorities took a very hard and public line on two small start-ups. Check out this piece here.

Here’s an interesting quote from the piece:

As recently as February, the CNIL (the French Data Protection Authority) said it’s not looking to sanction companies making an in-good-faith effort at GDPR compliance. For the first few months, cooperation and diligence were enough to satisfy the CNIL.

This would seem to make sense and be the approach that you would expect from a regulator in this new, developing environment.

And yet, they still chose to make an example of these two.

But consider this quote from the article too:

Once the GDPR has had a little more time to percolate, companies should expect less latitude from regulators. Warnings could turn into fines for those that don’t comply or at least make a genuine attempt.

This seems hard to argue with, and whatever about the perceived inconsistencies in the messaging that may have emanated from regulators in the past, actions speak louder than words.

However, the really important thing is genuine action towards good faith compliance.


flor mccarthy

Flor McCarthy is one of Ireland’s leading lawyers and a recognised expert in marketing. He has particular expertise and hands-on practical experience in privacy, data protection and GDPR issues for marketers. He is certified by the Law Society of Ireland in Data Protection Practice and lectures lawyers on data protection practice and compliance. He is managing partner of a multi award winning niche legal practice. He has been in private practice for over 20 years and has been elected by his peers to sit on the exclusive Council of the Law Society of Ireland, the governing body for Irish lawyers.

If you process data on EU or UK data subjects and appreciate that compliance with the GDPR is essential for risk management, data-security and customer-confidence in your international business and you feel that you are a good fit for our EU representative services please click the button below to schedule a free call with us today. Assigning an EU or UK representative for your business is a straightforward process and we’ll be happy to talk you through it.

During the call we’ll answer any questions you may have and we’ll go through our service in full detail so that you have a complete understanding of our solution and how it can benefit your business. We look forward to speaking with you.