This newsletter has been some time in the planning and so I am thrilled that we're able to kick off 2023 with the inaugural edition!
The CPM Privacy and Compliance team will use this space to share regular updates on developments both internal and external to CPM and Omnicom as well as signposting to useful resources, sharing practical hints and tips and demystifying some of the common, and indeed less common privacy and compliance issues you may come up against in your work for CPM, for our clients and maybe even in your personal life - keep reading for a short story based on true events about the devastating impact of social engineering.
If you have any questions in relation to our privacy and compliance programmes, please reach out to your local in-market Data Protection Champion (details below), get in touch with me or email Privacy@cpm-int.com.
Christopher McDonnell, Head of Global Privacy
CPM Privacy & Compliance SharePoint
We're excited to officially launch the CPM Privacy & Compliance SharePoint site which will act as a one stop place for key information, policy, procedure and guidance documents as well as updates and signposting. The content will be updated and developed over time, both to provide a greater depth of resource as well as to take into account developments both within and external to CPM. The CPM Privacy & Compliance SharePoint site is now live.
Meet the CPM Data Protection Champion Network
Our network of Data Protection Champions support our in-market teams to ensure compliance with the GDPR and other applicable data protection and privacy legislation as well as supporting to drive accountability, knowledge building and awareness raising within their business. Your Data Protection Champion is your point of contact for any questions in relation to our privacy and compliance programmes. Contact details can be found on the CPM Privacy & Compliance SharePoint site.
OneLearning is now live
Omnicom's new Learning Management Platform “OneLearning” is now live. OneLearning is where you'll complete the Privacy and Compliance team's favourite training modules including Information Security Awareness and Code of Conduct, among others. You can access the platform from the Omnicom OneWorkplace page, by clicking on the OneLearning tile. We encourage you to check out the new platform and, if you have any training modules pending, complete them as soon as you can.
Information Security Tips
Available to download from the CPM Privacy & Compliance SharePoint site and already on display in a number of our offices, the "7 Information Security Tips" poster is the first in of a series of guidance documents and posters that we have planned for the coming months.
This guidance has been developed to support colleagues in following best practice and ensuring that we all play our role in keeping company and client information secure.
Data Privacy Day
Falling on 28th January each year, the purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices.
It is no coincidence that this newsletter is launched in the lead up to Data Privacy Day 2023. Whilst we leverage the importance of this internationally recognised day, our work in raising awareness and promoting best practices will, quite rightly, be a year-round effort.
GDPR Fines Reached Record Level in 2022
One of the biggest impacts of the GDPR coming into force back in 2018 was the ability for violators of the regulation to receive fines of upto €20 million or 4% of annual worldwide turnover (whichever is higher). Four years on and 2022 saw the fines imposed by data protection authorities hit a record of €2.92 billion, up 168% on 2021.
Meta (Facebook, Instagram & Whatsapp) received a number of fines in 2022, the heaftiest of which was for almost €400 million for multiple violations across its platforms, and the fines for Meta are continuing into 2023.
The largest fine issued to date was in Luxembourg where Amazon received a €746 million fine as a result of multiple infrginements. Whilst the majority of the top 10 spots for biggest fines ever issued are occupied by Meta, Amazon and Google, many small and medium enterprise business have fallen afoul of the regulation and have had to pay the price.
The best way to avoid the devastating impact of such fines is through any organisation's greatest asset - its people. By ensuring that we remain vigilant and aware of risks, we are better postioned to deliver on our legal, regulatory and compliance obligations.
If you're interested in seeing which other organisations have received GDPR fines, check out the GDPR enforcement tracker.
Sherri receives a text message from her mobile phone provider requesting she update her payment details. Sherri enters her personal information which sparks a dramatic unravelling of her life. The story explores our reliance on trust in institutions, as well as the overwhelming sense of betrayal and loss that Sherri feels as she realises that she has been scammed. We witness the downward spiral of her mental health and the impact of the scam on her relationships. In the end, Sherri comes to terms with what has happened and sets out to rebuild her life.
Based on true events, this short story serves as a cautionary tale to highlight the sophistication of social engineering scams and the importance of staying vigilant and sceptical of any requests for information. Read 226 days.
If you receive a suspicious email on your work account, please use the "Report Message" feature in Outlook. If you receive a suspicious email, SMS, phone call of other type of communication, do not respond to the to request of the potential bad actor. It is always better to be safe than sorry!