Meta, the parent company of Facebook, Instagram and WhatsApp, was fined a record €1.2 billion by the Irish Data Protection Commission on May 22. This sanction comes as a result of the illegal transfer of personal data to the United States despite the invalidation of the Privacy Shield. This is the fifth time Meta has been sanctioned by the Cnil, bringing the total fine to 2.5 billion euros.
More than 5 years after the RGPD came into force, this conviction underlines the determination of regulatory authorities to enforce data protection legislation. As a reminder, fines can reach 20 million euros or 4% of a company’s annual sales, whichever is higher.
The good news about the RGPD is that setting the penalty obeys the main principles of « conformity » or « compliance ». In particular, the CNIL takes into account the behavior of the company being prosecuted, its goodwill, and the compliance program implemented.
We can help you with your RGPD compliance strategy to make it both a lever for adding value to your data and implement a « Risk management » vision, and by offering you concrete, operational solutions, rather than unfeasible theoretical solutions.