On Saturday, it is one year since the General Data Protection Regulation (GDPR) came into effect.
Although we have yet to see the Information Commissioner’s Office (ICO) really flex its new muscle to impose fines of up to €20m (or 4% of turnover – whichever is greater), there are no grounds to be complacent.
Indeed, in the Republic of Ireland, the Data Protection Commission (DPC) recently announced that a statutory inquiry been commenced in respect of Google Ireland Limited’s processing of personal data in the context of its online Ad Exchange. The 2018 turnover of Google Ireland Limited was reportedly €32bn.
The purpose of the DPC’s inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the GDPR and specifically the principles of transparency and data minimisation as well as retention.