GDPR fines hit telcos for €1.6 billion – Dufrain

Pain will get worse when Data Governance Act kicks in

European mobile operators should invest more time on data strategies, according to Dufrain a data strategy vendor. Data disorders will cost mobile operators millions in fines and could prove fatal when they try to ‘scale up’ in a business environment that supports mergers and acquisitions, the consultant has warned. Merging two sets of unstructured data creates a fatal toxic mixture that can both clog the circulation of the growing telco and lead to haemorrhaging of its information ‘lifeblood’.

Compliance

Dufrain cited Google and Vodafone Spain, who were fined €14 million in May by Spain’s Agencia Española de Protección de Datos (AEPD), as reported here in Compliance Week. The AEPD alleged Google violated Article 6 of the General Data Protection Regulation (GDPR) regarding lawful data processing and Article 17’s right to be forgotten. Dufrain claimed the aggregate avoidable loss to GDPR enforcement fines totals €1.6 billion.

GDPR

Four years after the General Data Protection Regulation (GDPR) came into effect in the EU, there’s a growing danger of fines being imposed, according to Gerry Goodwin, sales director at Dufrain. “The fine imposed on Google and Vodafone shows that the regulators are as stringent as ever in its enforcement.” Now a host of new regulations and enforcements are set to come into effect this year, including the Data Governance Act and ePrivacy Regulation, which threaten to hit telcos even harder.

Immunity

However, some might think it’s more profitable to ignore the regulations and take the occasional GDPR fine as a cost of doing business. The fine is the fourth for Google under the GDPR and second highest in value following the €50 million penalty (then-U.S. $57 million) the company was hit with in France in 2019. Other countries to sanction the tech giant include Sweden and Belgium. Google has yet to be fined in its European home country of Ireland, where its primary regulator is located in accordance with the one-stop shop mechanism of the GDPR.

Governance

Dufrain said proper data governance processes will protect both the telcos and their customers from data breaches. It outlines the steps telcos can take to manage their data effectively and mitigate risk. It unveiled a three point plan: structure data, prepare for mergers and govern your data. 

Fatally unstructured

Unstructured data, that cannot be used or detected by technology, presents a serious compliance risk for telcos because it’s typically exposed to huge amounts of personal customer information, according to Dufrain. Microsoft Teams and emails are a particular threat as more people work from home. Any documents saved via Microsoft Teams meeting, such as PDFs, mean that businesses breach data protection laws and face the threat of potentially crippling fines. Telcos must use specialist systems that bring unstructured data under control in the same way as structured data, according to Dufrain.

First degree merger

The deal value for mergers and acquisitions (M&A) in the telecoms sector rose by 48% in 2021 with scale deals, according to Dufrain. But the value is dissipated if the data from the companies cannot be merged successfully. Expediting the data migration process will be the deal breaker in the next few years, said Dufrain. “A data strategy that encompasses all aspects of data usage, ownership and management is vital for avoiding potentially crippling fines,” said Goodwin, “that means knowing where all their data is and how it’s stored and used, both to mitigate data breaches and ensure that they can make the most of the [intelligence it presents].”