Personal Data Protection Act 2019 (Personal Data Protection Act or abbreviated as PDPA) is available in our home. The essence of this is to protect personal data (personal data) that can lead to the identification of individuals both directly and indirectly. Be it paper or electronic in the form of letters, pictures, or sounds. Such as ID card number, email address, phone number, etc. in order to prevent the data subject from being violated of privacy and to take compensation measures for the data subject in case of a personal data breach. Therefore, since this Act comes into force, corporate operators need to take strict precautions, safeguard personal information in order to prevent being harassed. Damage to the owner of the data. In which the data subject can be both customer Employees and Business Partners.

In the European Union, there is also a General Data Protection Regulation (GDPR), which came into effect in May 2018, and businesses that have failed to maintain the security of their personal information have been sanctioned by This law is harsh. Let's look at some of the major cases of GDPR violations that occurred in the European Union.

1) British Airways

The case of British airlines In June 2018, the airline's website was redirected to a fraudulent page. The data of about 500,000 customers who bought air tickets via the website fell into hackers' hands. With both login information Travel information, name, address, credit card number Expiration date, CVV number, 3 digits, etc. British Airways was fined by the UK Information Commissioner (ICO) of 204.6 million euros (approximately 8,184 million baht).

2) Marriott International Hotel

The Marriott hotel chain of the US was fined 110.3 million euros (4,412 million baht) by the UK ICO in the wake of hackers disclosing sensitive personal information such as credit card numbers. Passport number Date of birth Over 300 million customers, over 30 million of the European Union residents.

3) Google

Even if the digital giant Google was not been attached a data breach. But Google was fined 50 million euros (around 200 million baht) because users couldn't easily access the consumer data processing statement. And the language used to describe it is ambiguous Moreover, Google is guilty of not asking consumers for consent to request data for targeting advertising campaigns against GDPR laws.

4) Austrian Post

In early 2019, the Austrian Post, the Austrian Post Office, was fined 18.5 million euros (about 740 million baht) by the National Data Protection Agency. Blame for wrongly selling consumer data, in violation of GDPR regulations. The audit found that the Austrian Post examined consumer data on who is likely to vote they support and sold it.

5) Deutsche Wohnen SE

The Deutsche Wohnen SE case, which happened in October 2019, is the largest real estate breach of GDPR. Deutsche Wohnen SE has been fined 14.5 million euros (approx. 580 million baht) for guilty of keeping the consumer's sensitive data longer than necessary without legitimate justification.

6) 1&1 Telecom GmbH

case of German company 1 & 1 Telecom GmbH has been fined 9.5 million euros (about 380 million baht). In the offense that the company's call center does not have adequate standards to protect and maintain customer data, both technical and corporate policy. Authorities found that people calling the company's call center were able to retrieve customer information by simply entering their name and date of birth. This is the fault of an organization that does not have strict authentication and data protection measures in accordance with the GDPR.

These are the six highest fines for violating the EU's General Data Protection Regulation (GDPR). This is a case study for agencies, organizations, companies, and people in Thailand to learn and acknowledge as a guideline to follow as well.

Reference :
https://secureprivacy.ai/gdpr-the-6-biggest-fines-enforced-by-regulators-so-far/
https://etda.or.th/content/personal-data-protection-act-protect-or-not.html