Irish University Learns the Hard Way That GDPR Violations Result in Fines
The Irish Data Protection Commission (“DPC”) recently imposed a €70,000 fine on University College Dublin (“UCD”) for violations of the General Data Protection Regulation (“GDPR”). The DPC has now issued six fines, five of which have been on nonprofit or government organizations; a stark reminder that GDPR is agnostic to both industry and profit motive.
Why was UCD Fined?
The DPC conducted a 6-month investigation into UCD’s data privacy and security practices, and determined that UCD had:
- failed to process personal data on its email service in a manner that ensured appropriate security of the personal data using appropriate technical and organizational measures;
- stored certain personal data in an email account in a form which permitted the identification of data subjects for longer than necessary for the purpose for which the personal data were processed; and
- failed to notify one of the personal data breaches to the DPC without undue delay. This breach was notified 13 days after UCD became aware of it.
Key Takeaways
While not catastrophic to UCD in terms of financial penalties (this time, at least), this is a black eye to the university and a notice that organizations of any type and size can be subject to GDPR, with commensurate fines for regulation violations. Universities all over the globe who collect, process and store personal data of European citizens should review their approach to data privacy and security so that they are compliant with GDPR’s many requirements.
How Can Clym Help?
Clym believes in striking a balance between legal compliance and business needs, which is why we provide a cost-effective, scalable and flexible platform to comply with LGPD, GDPR, CCPA and other laws, including those in the UK, as they come online. Our platform provides consumers with an effective and easy-to-navigate way to opt-out of data collection while not infringing upon the website UI that businesses rely on to drive revenues. Contact us today about how your company can implement Clym to help manage your data privacy regulation compliance from a global perspective.