NTT Data Spain, a subsidiary of Japanese information technology service provider NTT Data Corporation [9613:JP], was fined EUR64,000 (USD64,300) for violating the European Union’s General Data Protection Regulation (GDPR), as reported by Nikkei Asia on November 11. NTT Data Spain was accused of leaking an insurance company’s data and failing to employ sufficient data protection measures in its customer management system in August 2021. NTT Data Spain has confirmed the data breach and subsequent fine.
The EU’s GDPR, which took effect in May 2018, is one of the world’s strictest privacy and security laws. Organizations providing goods and services to EU citizens and residents are required to comply with the GDPR even if they are not located in the EU. The GDPR requires companies to ask for their clients’ consent before using their personal data. Companies violating the GDPR could be fined up to 4% of their global revenue from the previous year, or up to EUR20m, whichever is higher. Fined companies will also need to pay compensation for damage. Since the GDPR took effect, more than 900 fines have been issued. For example, Amazon [AMZN:US] was fined a record USD888m in 2021 because its way of processing personal data does not comply with the GDPR. Similarly, WhatsApp, owned by Meta [META:US], was fined USD255m for not explaining its data collection rules properly in 2021 and has since rewritten its Europe privacy policy to comply.
Sources:
https://asia.nikkei.com/Business/Companies/NTT-Data-unit-fined-for-violating-EU-data-protection-law