We provide the complete commercial debt recovery service; from outsourced early arrears collections through to expert litigation, all handled in-house by a multi-award-winning law firm.

 

Visit our debt recovery website

In May 2023, Meta, the owner of Facebook, was given a record-breaking €1.2b (£1b) GDPR fine by Ireland’s Data Protection Commission (DPC).

The fine was imposed because Meta breached Article 46 of the EU GDPR by transferring personal data from Europe to the US, because although Meta implemented a number of organisational and technical measures, if the US Government was to request such data under the Foreign Intelligence Surveillance Act, Meta would be required to disclose it, and this contradicts the protections offered by the GDPR.

The ruling stems from the 2020 Schrems II case, where the European Court of Justice (ECJ) determined that Privacy Shield Framework could no longer be relied upon for GDPR compliance. Organisations transferring personal data to the US must now consider alternative measures, such as standard contractual clauses (SCCs). The DPC found that Meta’s measures did not adequately address the risks to data subjects’ rights and freedoms, resulting in the significant fine and a suspension of future data transfers to the US.

Whilst a political solution may be on the horizon, as the European Commission and the US have reached a preliminary agreement on a new Trans-Atlantic Data Privacy Framework, companies must ensure compliance with the current framework until these solutions materialise.

The EU GDPR sets a maximum fine of €20m or 4% of annual global turnover, whichever is the greater, and UK GDPR sets a maximum fine of the of £17.5m or 4% of the organisation’s global annual turnover.

Therefore, whilst this record-breaking fine is at the upper end of the extreme, it serves as a stark reminder to companies of the importance of GDPR compliance.

Please note that this information is for general guidance only and should not substitute professional legal advice. If you have specific concerns, we recommend consulting with one of our legal experts.

If you have any questions about how your company can ensure its compliance with the UK GDPR or any other data protection and commercial legal issues, our highly experienced Commercial team will be happy to help. Please contact Haroon Younis on 01332 226 466 or fill in the form below to request a no-obligation discussion.

Scroll to next section

Scroll back to the top

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

For more information on how these cookies work, please refer to our Cookies Policy.

Strictly necessary cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytics Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous.

Force24 cookies & tracking

This website utilises Force24’s marketing automation platform. Force24 cookies are first-party cookies and are enabled at the point of cookie acceptance on this website. The cookies are named below:

F24_autoID
F24_personID

They allow us to understand our audience engagement thus allowing better optimisation of marketing activity.