Comment by jimnotgym

7 months ago

Do you know a small business that has got into trouble with GDPR?

You can filter this list to see 200+ GDPR fines assigned to sole proprietors, the smallest of small businesses, individuals that haven't even registered a separate entity for their business:

https://www.enforcementtracker.com/

They're only cataloging the (2500+) publicly known ones, most of which have a link to a news article. As an example: some guy in Croatia emailed a couple websites he thought might be interested in his marketing services, and provided a working opt-out link in his cold emails. One of them reported the email to the Italian Data Protection Authority who then put him through an international investigation and fined him 5000 euro.

"Assuming here that the reasons expressed in the aforementioned document have been fully recalled, [individual] was charged with violating articles 5, par. 1, letter a), 6, par. 1, letter a) of the Regulation and art. 130 of the Code, since the sending of promotional communications via e-mail was found to have been carried out without the consent of the interested parties. Therefore, it is believed that - based on the set of elements indicated above - the administrative sanction of payment of a sum of €5,000.00 (five thousand) equal to 0.025% of the maximum statutory sanction of €20 million should be applied."

  • It's worth noting that each country has a different approach to GDPR enforcement (which arguably defeats the point of it but that's another discussion).

    The UK tends to be a lot more (IMO) reasonable in its approach than some other European countries. Italy tends to be one of the strictest, and likes to hand out fines, even to private individuals for things like having a doorbell camera. The UK has only fined one person on that basis, and it was more of a harassment case rather than just simply that they had a camera.

    ICO and Ofcom aren't generally in the business of dishing out fines unless it's quite obviously warranted.

  • To clarify, I'm not interested in this, because it doesn't answer the question at all. I don't want a Googled answer, I want personal experience.

    For instance, I know of a company that flouted GDPR and got multiple letters off the ICO trying to help them with compliance before finally, months later, they ended up in court and got a very small fine.

    Edit: it is not cool to edit your post after I replied to make it look more reasonable

They do not get into trouble because they have spent the money and the time on compliance, which is an unfair burden.

Also, it is not just small businesses, it is not-for-profits too.

Yes. $30k in compliance costs from a pissed off ex-employee and malicious GDPR requests.

  • Any more details? What information did the employee request that cost money to fulfil? Interesting that it was in dollars?

    • > What information did the employee request that cost money to fulfil?

      Employees cost money, and so do attorneys. When people won't limit scope, that can require extensive manual review.

      You've spent 20+ posts misinforming about compliance costs in this thread alone so forgive me if I don't believe this is anything like a good faith query. If you know people who operate companies, it's easy to find cases.

      $ because I'm American.