First Major Breach of the GDPR: France Fined Google €50.000.000

€50.000.000 that fined to Google by the French authorities in consequence of the breach of the GDPR demonstrates the GDPR’s quick entrance to the field, which has been in force for only less than a year. Thereby, the first major breach since the GDPR has come into force has been occurred and the administrative fine regulated under the GDPR has been imposed thereafter. As “personal data” changed dimension over time, the need to modernise the principles recognised in Directive 95/46/EC (“Data Protection Directive”) and to reform this area in order to ensure effective protection to the personal rights has emerged. To that end, European Parliament accepted the GDPR on the 24 May 2016, which replaces the Data Protection Directive. Additionally, the GDPR provided for a two year-transitional period after its adoption and it became applicable on 25 May 2018. Thus, the GDPR is newly applicable. The GDPR is the most up-to-date regulation with the strictest conditions, and the EU Member States have been preparing themselves to these conditions since its text was published. The most distinct and worrisome characteristics of the GDPR were its whole and direct applicability, expanded territorial scope and high administrative fines regulated therein. Indeed, fining a company like Google with such high amount reveals that the worrisome were accurate.