Harry Mulhern 
French broadcasting company Groupe Canal+ was recently fined €600,000 by the French data protection authority (CNIL) for multiple violations of the EU’s General Data Protection Regulation (GDPR).
Under Article 13 of GDPR you must give data subjects information about your data processing practices, this is commonly known as the “Right to be informed”.
For the purposes of this article we are defining b2b data as personal data which has been collected within a b2b context.
GDPR might not be everyone’s favourite topic but it is important. With financial penalties for non-compliance soaring over the last few years, there’s never been a more appropriate time to review your current training programme or to put one in place.
For companies that breach the GDPR this means they can be liable for a financial penalty paid to the Supervisory Authority and individual compensation for claims brought by individuals directly or through the courts.
UK GDPR and EU GDPR have introduced some stiff penalties for poor data protection practices.
A critical vulnerability has been discovered in Log4j 2, an open-source Java package used on Apache servers to enable an activity log in many popular applications.
The High Court of England and Wales held that controllers and processors outside of the EU that nominate a representative under Article 27 GDPR cannot outsource liability for breaches of the GDPR.
The Information Commissioner’s Office (ICO), in the United Kingdom, has fined Yes Consumer Solutions Limited (YCSL) £170,000 for making 188,493 unsolicited direct marketing calls to customers registered with the Telephone Preference Service (TPS).
There are two tiers of fine under the EU-GDPR & UK-GDPR. The tiers are based on the type of violation and the type of data processing concerned.
