GDPR is here: mess up and we’ll fine you, warns EU privacy chief

From social media giant Facebook to libraries and schools, organisations are now subject to the world’s most far-reaching data privacy regulation in a crackdown aimed at protecting people from losing control over their personal information.

It has occupied thousands of lawyers, taken years of planning and triggered billions of emails.

Mess up now and you can expect very little tolerance, warned Andrea Jelinek, the Austrian in charge of policing the European Union’s General Data Protection Regulation (GDPR), which took effect on May 25.

“If there are reasons to warn we will warn; if there are reasons to reprimand we will do that; and if we have reasons to fine, we are going to fine,” Jelinek, 57, told reporters ahead of the big day. Asked about criticism that some regulators are more lenient than others, she said that “it was like that in the past, but it should not continue in the future”.

Privacy has moved from a niche topic to one of the biggest headaches for top bosses, such as Facebook founder Mark Zuckerberg, who this week was grilled by EU lawmakers about how the data of some 87 million users and their friends may have been shared with a consulting firm with links to Donald Trump’s US presidential campaign.