We have seen the first major fine hit a company for failing to meet GDPR data privacy requirements in Europe, and it’s a doozy. French data regulator CNIL has fined Google 50 million euros for its advertising personalization practices.
This milestone is notable because it shows that European regulators are willing to use their teeth and place hefty fines on companies that they feel aren’t protecting consumer privacy.
It’s important to remember that the size of the fine is discretionary up to the stated limits, which are enormous (up to 20 million euros or 4 percent of global revenue, whichever is higher), and that the European Information Commissioner’s Office has stated that it’s not interested in levying heavy fines for minor infringements.
Sectigo is seeing a lot of interest from enterprises that want to use S/MIME certificates to help protect end users’ data, both to aid their GDPR compliance efforts and to reduce the size of a potential fine if they still suffer a data breach despite their best efforts. Now that we see the real potential for these fines, it appears that they are wise to do so.