Foreign Companies Also Subject to the Same Rules Without Exception
[Asia Economy Reporter Hwang Yoon-joo] As the European Union's (EU) General Data Protection Regulation (GDPR) passes its second year of enforcement, sanctions against violating companies are rapidly increasing, requiring caution from our companies.
According to the 'EU GDPR Violation Cases and Corporate Precautions' report released on the 12th by the Korea International Trade Association Brussels Office, since the GDPR enforcement in May 2018 until May of this year, the number of fines imposed by EU countries on companies violating the GDPR reached 273 cases, with a cumulative amount of 150 million euros over two years.
By country, Spain (81 cases), Romania (26 cases), and Germany (25 cases) had the most imposed cases, while by amount, France (51.1 million euros), Italy (39.4 million euros), and Germany (25.1 million euros) ranked highest. Reasons for fines included insufficient legality in personal data processing (105 cases), inadequate technical and managerial protective measures (63 cases), and deficiencies in personal data processing principles (41 cases).
France imposed a fine of 50 million euros on Google for lack of transparency in personal data processing and violations of data subjects' rights to access information. Italy fined its domestic telecommunications company TIM 27.8 million euros for conducting telemarketing without consumer consent and failing to obtain consent for data usage purposes. Austria Post, British Airways, and Marriott UK also received fines for unauthorized collection, use, and leakage of personal data.
The report stated, "In case of GDPR violations, not only fines but also significant damages such as changes in business practices and loss of customer trust occur. Therefore, it is necessary to familiarize with key violation clauses, allocate sufficient budget and personnel, and strive for compliance." It added, "If any suspected violation occurs, promptly reporting to supervisory authorities and actively cooperating with investigations helps in determining whether fines are imposed and their amounts."
Kang No-kyung, Deputy Manager of the Korea International Trade Association Brussels Office, emphasized, "Companies that have been fined treat the EU GDPR as a major business risk in their annual reports and are strengthening compliance monitoring obligations. Since our companies are no exception, systematic and sustainable responses to GDPR compliance are necessary."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![Clutching a Stolen Dior Bag, Saying "I Hate Being Poor but Real"... The Grotesque Con of a "Human Knockoff" [Slate]](https://cwcontent.asiae.co.kr/asiaresize/183/2026021902243444107_1771435474.jpg)
