<img src="https://certify.alexametrics.com/atrk.gif?account=b2hlr1ah9W20em" style="display:none" height="1" width="1" alt="">
    Login
    Get started

    Pick a number… What should the GDPR fine be?

    Published on 27 Mar 2018 by Lynne Callister

    GDPR fine

    Arguably the reputational damage done to Facebook and the ensuing #deletefacebook campaign in the wake of its recent data scandal will hit it much harder than any fine imposed by regulators.

    But, at a time when the GDPR's bumper fines are making waves, does anyone want to take a guess what the final figure might have been if Facebook was fined post-GDPR?

    What do you think the GDPR fine should be? Tweet us your thoughts @iSkillcast.

    Here are the main factors that are taken into account when deciding on the amount of the fine under the GDPR:

      1. The gravity, nature and duration of the infringement, the number of people affected and the level of damage they experience - it's hard to justify Facebook's actions here:

        • Facebook was warned about the breach in 2015 but did not warn users or carry out an audit to confirm that GDPR finepersonal data had been deleted
        • 50 million Facebook users are affected
        • Damage - embarrassment, loss of trust, voter manipulation even?
      2. Categories of personal data affected - if the allegations are proven, special category (sensitive) data - ie voting preferences - might also have been misused.
      3. Whether the infringement is negligent or intentional - hard to say, but Facebook certainly failed to have proper control over third parties or chose to ignore what they were doing.
      4. The action taken by the controller to mitigate the damage - Facebook was slow to react back in 2015 and simply allowed firms to self-certify that personal data had been erased without auditing them properly.
      5. The degree of responsibility of the controller or processor - Mark Zuckerberg has faced a barrage of criticism over his silence, with the academic claiming he has been made a scapegoat.
      6. Any relevant previous infringements - well, that's tricky as Facebook already has form for its cavalier attitude to user data - as evidenced by its WhatsApp data sharing and €1.2mn fine by the Spanish data authorities.
      7. The degree of cooperation with the supervisory authority - admittedly, Facebook "ceded to the ICO to allow its investigation" but only after it had already visited Cambridge Analytica's premises when the scandal broke.
      8. Aggravating or mitigating factors (eg financial benefits gained from the infringement) - anyone care to look at Facebook's ad revenues for the period? Did it also benefit from Kogan's sale of data to Cambridge Analytica?

    Interestingly, Mark Zuckerberg has since claimed that his 'idealistic vision of data portability' may have stopped him focusing earlier on privacy matters. In an era where portability is fast gaining traction, perhaps the Facebook scandal is only the beginning? Exactly what are we prepared to trade and with whom?

    Finally, with Facebook's value dropping $50bn and its reputation at an all-time low, maybe the size of any fine is afterall immaterial? But, it's a wake-up call for all companies that shows none of us can afford to be complacent about data protection.

    Want to know more about GDPR?

    As well as 30+ free compliance training aids, we regularly publish informative GDPR blogs. And, if you're looking for a training solution, why not visit our GDPR course library.

    If you've any further questions or concerns about GDPR, just leave us a comment below this blog. We are happy to help!

    Leave a comment

    Tick

    Free Trial: Compliance Essentials

    Skillcast Essentials is our best-selling library and there's a reason for that. Essentials library provides comprehensive coverage of the key compliance / conduct issues that companies in the UK face today.

    Request now

    Skillcast at Learning Technologies 2020

    About Learning Technologies 2020 (#LT2020UK) Learning Technologies is Europe's leading conference dedicated to organisational learning and the technology that supports it. It's on February 12-13th at ...

    Read More
    The Biggest Financial Crime Fines

    Monetary fines are the most common punishment for financial crimes. They serve as a powerful tool for encouraging companies to apply best practices to ensure 100% compliance. Yet, despite all the ...

    Read More
    What are the Best Workplace Learning Theories?

    Learning theories have been developing for decades, each has their own merits. We look at six of the most well established theories to explain how you can use them to improve outcomes. When designing ...

    Read More
    Biggest GDPR Fines of 2019

    Penalties for breaching the GDPR can reach up to €20 million or 4% of annual global turnover, whichever is highest. We examine the size and reasons for the biggest GDPR fines of 2019. Ever since ...

    Read More