Lesson 3 - The importance of privacy in project management
- Notion 15 - Why does privacy matter for project management?
- Notion 16 - What is considered user personal data?
- Notion 17 - Privacy legislation in the EU
- Notion 18 - Data protection principles
- Notion 19 - The legal ramifications of violating privacy
- Notion 20 - Privacy by Design: matching design with privacy needs
- Notion 21 - Consent is the magic word
- Notion 22 - The role of the project manager in ensuring privacy
- Notion 23 - Conducting a Privacy Impact Assessment
- Notion 24 - How can data protection lead to more sustainable project management?
- Notion 25 - Quiz
Notion 19
The legal ramifications of violating privacy
Target skills
Failing to respect your customers' privacy can result in reputational harm, loss of personal information, and wasted resources. Increasingly, it can also put you in violation of the law, and lead to large fines and legal claims.
What actions can lead to a penalty or legal action?
Violation of any part of the GDPR can lead to an administrative fine or private legal action. Some key GDPR violations include failing to:
- Maintain a GDPR-compliant Privacy Policy: https://www.termsfeed.com/blog/sample-gdpr-privacy-policy-template/
- Obtain consent for the setting of non-essential cookies: https://www.termsfeed.com/blog/gdpr-consent/
- Facilitate the GDPR data subject rights in a proper and timely way: https://www.termsfeed.com/blog/gdpr-8-user-rights/
- Apply appropriate security measures when processing personal information: https://www.termsfeed.com/blog/gdpr-readiness-checklist/#Security_Conscious_Approach
- Apply proper safeguards when transferring personal information outside of the EU: https://www.termsfeed.com/blog/gdpr/
Main monetary sanctions of GDPR:
- A private right of action, allowing individuals to bring private legal claims for any damage caused by a GDPR violation
- Administrative fines issued by the EU's Data Protection Authorities (DPAs). These can amount to up to €10 million (approximately $11 million) or 2 percent of total worldwide annual turnover (whichever is greater) for less serious violations, and up to €20 million ($22 million) or 4 percent of total worldwide annual turnover (whichever is greater) for more serious violations.
Persons held accountable under the GDPR
Data controllers are the main subject of GDPR sanctions and legal claims, as they hold primary responsibility for complying with the GDPR's principles and for facilitating the rights of individuals over their personal information.
However, a data processor can also be liable for a penalty or private legal claim if it violates the GDPR's rules for data processors, or if it goes against the lawful instructions of its data controller.
Examples of sanctions regarding data protection
The biggest GDPR fine so far remains the €50 million ($55 million) fine against Facebook by the French DPA.
The UK's DPA has also threatened fines against Marriott Hotels for £99.2 million ($122.3 million), and British Airways for £183.39 million ($226.2 million).
EasyJet is also facing an £18 billion ($22 billion) class-action lawsuit after a massive data breach in early 2020.