What happens if you ignore the General Data Protection Regulation (GDPR)? Does it really matter?
A.S Watson Group, which owns Kruidvat, a Dutch health and beauty brand, has discovered how important it really is. Ignoring GDPR has led to them receiving a significant fine from the Dutch Data Protection Authority (AP).
Find out where A.S Watson went wrong on the kruidvat.nl website and how you can avoid making the same mistake with one simple platform.
It could save you €600,000.
AP launched investigations into various websites, including kruidvat.nl, in October 2019. It discovered two key areas where A.S Watson was violating GDPR:
AP found kruidvat.nl was automatically placing tracking cookies on user devices before consent was given.
Some of these cookies assigned unique identifiers to website visitors, creating a personal profile of them.
These cookies collected personal data including email addresses, IP addresses, location, products added to shopping carts, purchases, and which recommendations users clicked on.
Considering that users’ sensitive, health-related information is collected on krudivat.nl, the consent requirement is all the more important.
What’s more, Kruidvat’s cookie banner had boxes that agreed to the placement of tracking and advertising cookies ticked by default.
And it made it difficult for users to opt out of these cookies. Users would have to navigate a complicated five-step process to protect their privacy.
AP found that A.S Watson was violating Articles 5(1)(a) and 6 of GDPR which concern the processing of data in a lawful and transparent manner. AP made A.S Watson aware of these issues in November 2019, giving them time to remedy the situation.
But by June 2020, the company still hadn’t made any changes to their cookie consent practices.
As a result, A.S Watson is now facing a fine of €600,000. The lesson is clear:
It’s important to take GDPR seriously – or it could come with significant consequences for any organization that ignores it.
The great news is that you can easily avoid making the same mistakes that appear on kruidvat.nl.
iubenda’s Privacy Controls and Cookie Solution is a reliable tool you can use to get on the road to compliance with GDPR and other data privacy laws.
With it, you can customize and embed your own cookie notice and generate a cookie policy.
The tool recommends a suitable configuration based on users’ locations, as well as your own, helping you comply with country-specific regulations – whether in the Netherlands or elsewhere.
The Privacy Controls and Cookie Solution comes with an integrated auto-blocking feature, which automatically blocks scripts that place cookies on user devices before they give their consent.
This would’ve prevented A.S Watson’s main violation – and saved them €600,000.
A.S. Watson’s story serves as a reminder that GDPR and other privacy legislation shouldn’t be taken lightly. It’s important to ensure your website follows proper cookie consent practices.
iubenda commences your journey towards compliance. Take a quick look now – and avoid the same mistake:
