Company Sued for Lying about GDPR readiness

Updated: Apr 13, 2020

Leading global information and measurement company, Nielsen, and its CEO and CFO could be in trouble for allegedly deceiving their shareholders regarding their preparedness with the turn of tides caused by the GDPR.

There had been a lot of drastic changes that have occurred since the GDPR took effect and has given several companies an additional responsibility beyond data protection. These changes have often put other big social media giants such as Facebook in a lot of trouble due to the failure of compliance.

Nielsen is also currently experiencing its own GDPR-related problem as a shareholder named Arun Bhattacharya has sued the company for supposedly misleading them with their statements through conference calls and press releases regarding the company’s preparedness upon the implementation of GDPR.

Mr Bhattacharya took the case to District Court for the Southern District of New York to sue Nielsen for false information. Nielsen promised that their company is ready for the changes that GDPR will bring and has guaranteed its shareholders that their ability to access third-party data from Facebook and other social media sites to generate its own metrics will not be affected. However, these conditions were not met which inevitably led to the shareholder filing the case.

Nielsen stated that the firm has “significantly missed” their public net income and free cash flow estimates by a wide margin due to changes done to the consumer data privacy landscape brought upon by GDPR having taken full effect. This consecutive drop of 25% in their share price during the month of July has allegedly damaged the shareholders.

Because of this, Bhattacharya is seeking damages for the violation of Section 10 (B) and Rule 10 b-5 of the Securities Exchange Act and the certification of a Class Action pursuant to Rule 23 of the Federal Rules of Civil Procedure.

This tragic event for the company is just another glaring example of how the implementation of GDPR isn’t only about the preparedness of one company when it comes to data protection but to also apply the revisions that have been made in the principle of the law as well as accountability and transparency otherwise they will have to face the consequences should they fail to comply.

The field CTO EMEA at RSA Security, Rashmi Knowles, claimed that shareholders can now take legal action against firms if they feel like the company has failed to comply with the laws of GDPR.

This goes to show how important it is for organizations to manage digital risks efficiently by regularly asking a few critical questions, and making sure that users clearly understand what personal data is, how it is used, and where it is stored. Moreover, taking precautionary measures are necessary to protect sensitive data from hacking, as well as the employees through data encryption, access permissions, and appropriate security technologies.