Fines aren’t the only possible sanction in case of an infringement of data protection rules – prison is also a possibility in certain countries. That’s exactly the outcome of a case in France, where a former head of HR received a six-month (suspended) prison sentence yesterday.
In that case, the person in question had created a database of staff with a range of comments (like “lazy, mythomaniac, spoiled brat” according to reports).
The criminal nature of GDPR fines has already been hinted at several times (see notably https://lnkd.in/eh63Pvsz ), but the risk of a criminal sanction should never be discounted. Just because the police and public prosecutors are seldom seen to be prosecuting allegations privacy and data protection violations, doesn’t mean the risk does not exist.
Other cases (notably a recent case before the Belgian Data Protection Authority) have stressed that “rogue” employees/managers can be viewed as controllers in their own right and can be fined individually – this case shows that other sanctions are also a risk for those individuals themselves, not just for the organisations for which they work.
Parallels with the growing set of rules specifying individual responsibilities for compliance (NIS2 is an example, with specific rules for management / decision-making bodies) are easy to spot.
In short, a good reminder that (non-)compliance isn’t just a monetary issue, and corporations do not always provide a full shield in case of individual action.
This further stresses the importance for organisations to put in place a legally solid datagovernance framework that takes dataethics into account – and the importance for individuals working with them to observe the relevant policies and processes.
Time to check your framework again, perhaps?
First report of the prison sentence (FranceBleu, in French): https://lnkd.in/eg8Xqcys
Did this analysis get you thinking? Reach out!
DataLaws.net is entirely open-access, and instead of getting your data in exchange for this content, how about another trade? If this commentary saved you research time or sparked an idea, feel free to invite me over for tea, chai or a hot chocolate next time you are around Brussels or Antwerp - or invite me over to your offices for a chat!
Get in touch ↗ Let's connect on LinkedIn ↗