GDPR - Why is it important?

Why GDPR is important?

The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international businesses by unifying the regulation within the EU.

When we talk about international businesses, here in Mauritius, many will say we trade locally only. You can be wrong when you have a website. When you have a website you are no more local. You have gone worldwide.

What is the fine for breaking the rules?
The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU

Even Google has not been spared!!!

The recent fine of €50 million (US$57 million) imposed on Google for breaking privacy laws under the EU’s General Data Protection Regulation (GDPR) has certainly shown that the new rules have big consequences for corporations and marketers and one for all companies to pay close attention to.

In January, France’s data protection office (CNIL) found the tech giant in violation of the laws by failing to obtain adequate consent from users when processing their data for the purpose of personalized advertising. In addition, it was ruled that Google did not provide information that was clear and easily accessible to consumers about how their information is collected and held.

The Case: Google’s Breach of the Rules

The CNIL initiated its investigations following two complaints it received against Google in June 2018, very soon after the implementation of GDPR. The complaints were lodged by NOYB and La Quadrature du Net, a group mandated by 10,000 data subjects to file a complaint. They claimed that Google did not have a valid legal basis to process the personal data of its users for the purposes of its user behavioral analysis and ad personalization activities. 

To investigate the complaints, the CNIL initiated a series of online inspections on Google's platform, and ultimately determined that Google had breached fundamental aspects of the GDPR.

Firstly, the CNIL found that Google did not make the relevant data protection notice easily accessible to users, which breached Article 12 of the GDPR. It was ruled that the notice was “not always clear and comprehensive” and only accessible after several steps were taken by users.

Secondly, they found that Google breached Article 13 of the GDPR, as its notice did not comply with the requirement to provide specific, mandatory information to data subjects. The CNIL held that “users are not able to fully understand the extent of the processing operations carried out by Google” as the information provided was “too generic and vague”. It found Google’s processing activities to be “particularly massive and intrusive” due to the multiple purposes for which the company processed personal data. 

It was deemed that users were effectively unable to exercise their right to opt out of data processing for personalization of ads. Users were not asked specifically to opt into ad targeting, instead of being asked simply to agree to Google’s terms and privacy policy en masse.

It was deemed that this did not meet the “specific” threshold of consent under GDPR, as users are giving just one consent to all of Google’s processing activities rather than separate consent for each purpose of processing.

So look out for the adequate plugin for your website which abides by the GDPR rules and regulation, while doing mass mailing and subscription form or even cookies make sure you have legally acquired those data. 

Know more about the GDPR

At CDM we respect those rules and regulations while designing your website while giving you mass mailing services and we always give you the best advice to grow up your brand or business in the legit and legal pathway.

The major source of this article is from the Digital Marketing Institute UK ( Membership portal)

Posted in Online Law on Jun 09, 2019

Back to list