How to get fined for GDPR violations

By Andrew Angle

Recent waves of identity theft, data breaches and congressional hearings about Facebook are driving media attention toward data privacy topics. Right now the European Union’s new 200+ page legal framework, known as the General Data Protection Regulation, which took effect in May, is striking fear among Web marketers worldwide.

Fines for GDPR non-compliance can reach €20 million ($23 million) or 4 percent of revenue, whichever is greater. The law applies not only to electronic communications from Europe but even to those from Europeans who happen to be traveling. Becoming GDPR compliant offers benefits beyond avoiding fines, since the regulation spells out some best practices in handling online visitor data.

Have you noticed sites now showing pop-ups asking you to click an “Accept” button to acknowledge that you read and agree with the site’s privacy policy and the use of cookies to personalize your visit? That and the many privacy policy updates filling your inbox are motivated by the GDPR.

I’m not a lawyer, so don’t take this as legal advice. Blogs on the subject lean toward suggesting that a business would have to seriously abuse common sense to actually get fined.

From designspace.co/gdpr, here’s my paraphrased list of how to get busted for GDPR violations:

  1. Abuse your European contact list to royally tick off lots of Europeans.
  2. Sell visitors’ names and email addresses to slimy spammers peddling everything from filthy links to Nigerian prince scams.
  3. Not only omit a privacy policy from your site but bypass reasonable privacy policy practices, such as letting your contacts unsubscribe from your obnoxious emails and texts.
  4. Ignore direct requests to be removed from your email list.
  5. Demonstrate that you have no intention of abiding by any part of the GDPR rule.

In the wake of learning about said GDPR rule and with insufficient time or budget to rewrite clients’ privacy policies, we took the “sledgehammer to a thumbtack” approach of blocking all traffic from outside of the USA. That took 15 minutes. These local sites don’t serve Europe anyway. Besides, this could eliminate nearly all data scraping and hacking attempts, since all of them I have seen originated beyond U.S. borders. After revising our privacy policy and opt-ins, we might lift the foreign traffic ban. Or maybe not. Either way, it seems more likely that abusing your contact list will cost you more from lost customers than from fines imposed by a foreign government.

Andrew Angle, of Greenwood, is the owner of NetGain Associates, Inc. He can be reached at (317) 534-2382.
