In 2022, it has never been more important to have a GDPR representative on hand for your business. Since the regulation became enforceable in May 2018, supervisory authorities have issued guidance, decisions and fines that have steadily raised the bar for what counts as compliance.
Many companies took GDPR extremely seriously when it came into force, but many have not kept up with the changes since then, and some big businesses were caught out last year.
This article will highlight what you should expect from GDPR compliance this year and how to stay out of trouble.
Consumer Consent Trends Are Not Going Anywhere
The more familiar consumers become with GDPR and online privacy, the better they understand that a company needs a lawful basis to process their data, that direct marketing by email, text or automated call generally requires their freely given consent, and that they have the power to withdraw that consent at any time.
Invalid or missing consent has been one of the most common grounds for enforcement against large companies since GDPR took effect, and it was the central issue behind the significant fines served on Google and Amazon.
Gone are the days when consent was a simple box-ticking exercise. Under GDPR, consent must be freely given, specific, informed and unambiguous, and withdrawing it must be as easy as giving it. In addition, companies must be transparent about how personal data is used so that consumers know what they are agreeing to, which is the basis of a trusting relationship.
EU’s New AI Regulation
One of the most significant regulatory developments alongside GDPR in 2022 is the EU's proposed AI regulation (the AI Act, proposed by the European Commission in April 2021). It is a separate law rather than an amendment to GDPR, but it applies to much of the same data and processing. The proposal classifies AI systems by the risk they pose. For example:
- Unacceptable risk AI: AI practices considered a clear threat to people's safety, livelihoods or rights, or contrary to EU values, such as social scoring by public authorities; these are prohibited outright.
- High-risk AI: Any AI that impacts a person's fundamental rights or safety, such as systems used in recruitment, credit scoring or law enforcement; these are subject to strict obligations, including risk management, data governance, documentation and human oversight, before they can be placed on the market.
- Limited risk AI: Any AI with a limited impact on rights and safety, such as chatbots, is subject to a lighter set of transparency obligations, for example telling users that they are interacting with an AI system.
- Minimal risk AI: AI systems that can operate in the EU without any further legal requirements beyond existing legislation.
EU’s ePrivacy Regulation
Another potential 2022 development that marketers need to be aware of is the ePrivacy Regulation, intended to replace the current ePrivacy Directive, which aims to:
- Set rules for all digital communications that protect end users' privacy, the integrity of their devices, and the confidentiality of their communications.
- Cover the confidentiality of communications content and metadata alongside personal data, and extend to machine-to-machine communication, instant messaging apps, and Voice over Internet Protocol (VoIP) services, not just traditional telecoms providers.
We did not hear very much about the ePrivacy Regulation in 2021. However, negotiations between the EU institutions are still ongoing, so this is legislation to keep an eye on in case it is adopted in 2022.
Some of the Largest GDPR Fines Issued for Non-Compliance
If you ever wondered how seriously EU lawmakers and data protection authorities take compliance, you only have to look at some of the major GDPR fines issued in recent years. Here are some of the largest fines to date:
Amazon. Total fine: $886.6 million
The largest GDPR fine to date was imposed on Amazon, which was fined a record EUR 746 million (about $886.6 million) in July 2021.
The fine was issued by the Luxembourg National Commission for Data Protection (CNPD) on July 16, 2021, after it found that Amazon had processed personal data in a way that violated the bloc's GDPR legislation.
Google. Total fine: $56.6 million
In January 2019, Google was hit with a EUR 50 million (about $56.6 million) fine by the French data protection authority, the CNIL.
The fine was served for two sets of GDPR violations: first, a breach of the obligations of transparency and information, and second, the lack of a valid legal basis, in the form of properly obtained consent, for its ad personalization processing.
H&M. Total fine: $41 million
In October 2020, major clothing brand H&M was fined EUR 35.3 million (over $41 million). This time, rather than breaching consumer rights, the company's service centre in Nuremberg, Germany, was found to have been illegally surveilling its employees.
Regulators found that the office was recording details of employees' vacations, as well as any symptoms of illness and diagnoses.
On top of that, supervisors were asked to build up a broad picture of their employees' private lives, including religious beliefs and family issues.
This information was then recorded and stored on a network drive, and as many as 50 managers had access to it.
TIM. Total fine: $31.5 million
In January 2020, the Italian supervisory authority (the Garante) fined the telecoms operator TIM EUR 27.8 million (about $31.5 million) for numerous instances of unlawful processing of data for marketing purposes. The fine was so large because the infringements affected so many individuals. From January 2017 onwards, the authority had received hundreds of complaints about TIM, mainly regarding unsolicited marketing calls that people were receiving despite never having given their consent to be called.