The General Data Protection Regulation (GDPR) — a European Union (EU) data privacy law with a global reach — has been in the news since May 25, 2018, the day it took effect. Since then, we’ve seen numerous reports on compliance challenges, gray areas, and fines.
It’s the last of those — GDPR fines — that the international media has reported on the most. And for good reason: no other data protection and privacy law worldwide has had the punitive effect that the GDPR has had.
With alleged GDPR violations by Facebook, Instagram, WhatsApp, Twitter, LinkedIn, Apple, and Google (again!) currently under investigation, it’s unlikely that we’ll get through 2020 without even larger fines.
Going solely by these reports, it’s easy to think that the GDPR and its fines apply only to multinational corporate giants. Before you heave a sigh of relief, know that the GDPR applies to your business just as it does to them, whether you have one employee or one hundred: its core obligations carry no small-business exemption.
In the second half of 2019 alone, numerous SMBs were fined for GDPR violations. To be fined, your business doesn’t need to suffer a data breach. Even minor mistakes can result in large fines. Consider this example:
Inteligo Media SA, an online media company with fewer than 50 employees, was fined nearly $10,000 (€9,000) over a single checkbox on one of its sign-up pages: the form treated a box the user had left unchecked as consent, so users were automatically subscribed to promotional emails unless they opted out. Obtaining consent passively (opt-out) rather than actively (opt-in) is unlawful under the GDPR, which requires a clear affirmative action from the user.
If you offer goods or services to people in the EU, or monitor their behaviour, the GDPR applies to you regardless of where your business is located, and you need to comply or risk being the next statistic or example. Apart from avoiding fines, complying with the GDPR may also help grow your revenue, customer trust, and other important business metrics.