The Information Commissioner has not taken long to exercise its powers under the GDPR, fining Santa Claus 12 million Euro for a flagrant breach in relation to special category child data.
For centuries, Santa (a.k.a. Father Christmas) has been collecting highly sensitive child data, which children have been providing in the hope that he will supply them with presents over the Christmas period.
Children have been willingly writing and emailing Santa with their date of birth, address, medical ailments, toy preferences and whether they have been naughty or nice for decades.
Santa has then been selling their data to third-party toy retailers, balloon manufacturers and wine bars, relying on the small print in the Terms & Conditions on his website.
But after his latest round of data selling, Santa was in serious breach of the GDPR after not gaining the children’s express and freely given consent.
The Information Commissioner hit him hard with a €12M fine in order to “make an example”.
Santa has reportedly filed for bankruptcy and has since been seen slumped and swigging whisky outside a shopping centre in Rotherham.