undefined | Better HN

0 pointsperlgeek4y ago0 comments

If you run a company that violates the GDPR, you might get sued and have to pay some fines. This is a calculated risk taken by many executives.

If you then get a letter from the regulator stating that you were in violation, and have to delete some data, and you answer that you did, and signed it -- then you're likely up to criminal charges if that was a lie.

This is not a line most executives are comfortable with crossing.

If any subsequent GDPR shenanigans come up, and they found you intentionally lied to the regulators, you're in some deep shit.

There might or might not be auditors visiting you after the first letter. If you lie and are found out, your career is over, and you might wind up in prison.

It's not perfect for enforcing privacy, but it's much better than not having such a ruling.

0 comments

denton-scratch4y ago

> There might or might not be auditors visiting you after the first letter.

The ICO in the UK doesn't work like that, AFAIAA. You first get a polite letter; then a firmer letter containing helpful advice on how to come into compliance.

After that, you join a huge queue of companies awaiting legal enforcement action. The ICO is deliberately underfunded; it always has been. The government passed data protection laws, but they reserved the power of enforcement to an agency that was crippled from the start.

I welcome this court decision, obviously.

[Edit] Most of the penalties levied by the UK ICO used to be against local governments and government agencies. They were rarely against commercial operations. I see that there are some companies (that I've never heard of) now appearing in the list.

https://ico.org.uk/action-weve-taken/enforcement/

j / k navigate · click thread line to collapse