The European Union’s General Data Protection Regulation (GDPR) was established to ensure companies are accountable for the data they are handling, managing and storing. This includes keeping data well secured and protected, as well as ensuring the data is not used for reasons that customers are not aware of.
Related: GDPR On The Rise As EU Officials Crack Down
Since its inception in 2018, the GDPR has fined numerous companies that have not taken their data usage and protection seriously. The biggest GDPR fine recorded was a penalty to Amazon in July 2021. The big tech giant was fined a penalty of 746 million euros for not handling its customer data properly. In fact, the top three largest fines for mishandling customer data have been meted out to American companies, with Meta-owned WhatsAppand Alphabet’s Google in second and third place, respectively, after Amazon.
While the GDPR has been touted as the strictest data privacy regulation in the world, many companies are ensuring they oblige with it to not only avoid the hefty fines but also be able to operate in Europe. Globally, data privacy regulations set by other countries are now also echoing some of the regulations made by the GDPR.
In the US, data compliance is also a priority with bodies like the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) ensuring regulations are met. However, a recent report by CYTRIO has resulted in some concerns about the compliance of most companies in the US when it comes to regulations.
As of March 31, 2022, findings from CYTRIO’s data privacy research uncovered that 90% of companies are not fully compliant with CCPA and CPRA Data Subject Access Request (DSAR) requirements. Further, 95% of companies are using error-prone and time-consuming manual processes for GDPR DSAR requirements.
According to Vijay Basani, founder and CEO of CYTRIO, the research confirms that first-generation privacy rights management solutions have not gained wide adoption due to cost and deployment complexity, resulting in a high percentage of CCPA non-compliance.
“This problem will become more pronounced as CPRA enforcement takes effect in 2023 with the stringent 12-month lookback. Awareness of their data privacy rights by consumers coupled with the rise of data aggregators is driving an increased number of data requests. As the California Privacy Protection Agency (CPPA) begins active enforcement of CCPA and CPRA, non-compliance to DSAR requests will become cost-prohibitive for both medium- and large-sized companies,” added Basani.
Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.
Featured News
Rumble Adds David Boies to Legal Team in $2 Billion Antitrust Battle with Google
May 14, 2025 by
CPI
China Summons Delivery Giants Over Unfair Competition Concerns
May 13, 2025 by
CPI
Judge Orders Sanctions Against Missouri for Noncompliance in Price-Fixing Probe
May 13, 2025 by
CPI
Confusion Reigns In AI Policy In US and Europe
May 13, 2025 by
CPI
EU Clears ADNOC’s $16.3 Billion Acquisition of Covestro
May 13, 2025 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – Healthcare Antitrust
May 14, 2025 by
CPI
Healthcare & Antitrust: What to Expect in the New Trump Administration
May 14, 2025 by
Nana Wilberforce, John W O'Toole & Sarah Pugh
Patent Gaming and Disparagement: Commission Fines Teva For Improperly Protecting Its Blockbuster Medicine
May 14, 2025 by
Blaž Višnar, Boris Andrejaš, Apostolos Baltzopoulos, Rieke Kaup, Laura Nistor & Gianluca Vassallo
Strategic Alliances in the Pharma Sector: An EU Competition Law Perspective
May 14, 2025 by
Christian Ritz & Benedikt Weiss
Monopsony Power in the Hospital Labor Market
May 14, 2025 by
Kevin E. Pflum & Christian Salas