In late May 2018, the European Union’s General Data Protection Regulation went into effect, with new requirements for how organizations handle personal data collected from EU citizens and residents. The regulation promised fines for organizations that broke the rules, and those fines are just starting to roll in. The largest and most high-profile fine so far was announced in late January, imposing a 50 million euro fine (about $56.7 million U.S.) on Google for violating consent requirements.
Fewer than 100 fines have been levied so far, a very small percentage of the thousands of data privacy complaints, according to the CSO website, but meeting planners who handle personal registration data, and whose attendees might include an EU resident, need to be vigilant not to put their organizations at risk. GDPR gives people the right not to have their personal data collected, or, if they opt in, to be able to access their data, to know how it’s being used, and to be notified within three days of a data breach.
This article from CMS Wire looks at the three major GDPR fines and the lessons learned from them, including a reminder to go back to basics and remember to encrypt passwords and restrict access to sensitive data.