31st January 2019
GDPR has been a reality for businesses for a fair few months now and we hope you’re all being as compliant as you possibly can be where personal data is concerned… particularly when you think that not even the biggest companies out there are immune to mistakes and any brand can be hit with a huge fine if it’s not careful.
You’d think that Google, being one of the biggest tech companies out there, would have made sure it was doing all it could to remain compliant, but given that it’s just been fined £44 million by French data regulator CNIL for breaching data protection rules, it looks like there are still lessons to be learned by all.
According to the BBC, the record fine was levied because the company demonstrated a “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”. The regulator was of the opinion that people had been insufficiently informed about how Google collected data in order to personalise its ads.
In a statement, Google said: “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR.”
Since businesses, big and small, could well be hit with astronomical fines like this, you’d be wise to review your processes and procedures on a regular basis to ensure you’re compliant with the new rules.
Where your software is concerned, make sure that you check what kind of personal data is being stored and ask yourself if you really need it. The best plan of attack where GDPR is concerned is to ensure that you only collect the absolute minimum of data that you can’t operate without.
From there, make sure that all personal data is encrypted so that it’s unintelligible to anyone who doesn’t have the decryption keys. Encryption itself may not be a requirement under GDPR, but you’d be wise to prioritise it so you know that you’re protected – and so you can prove that you’ve taken the necessary steps for said protection.
Where mobile app data is concerned, make sure that you consider user privacy from the very beginning of app development so that you comply with Article 23 and only hold absolutely vital user information.
Recent research from the University of Oxford revealed that mobile app data harvesting and sharing is out of control these days, with nearly 90 per cent of free apps on Google Play sharing data with parent company Alphabet. Because these free apps track behaviour across numerous platforms, brands can compile detailed profiles, including information like gender, location and age.
Ensure that you receive explicit user consent to collect personal information via apps and also make it as easy as possible for people to opt out, both of which can be sorted out in the design stage of your new app.
For help with bespoke software in Leeds, give us a call today.