Ever since the GDPR guidelines were launched (May 25, 2018), data regulators in the European Union (EU) have imposed sizable penalties on various organizations that misused customer information or failed to maintain the required cybersecurity standards. The EU has issued over €272.5 million (approximately $332.4 million) in fines since the GDPR was initiated, according to research from international law firm DLA Piper. Along with the surge in fines, the number of data breach notifications has also increased by 19% compared to last year.
In total, there have been more than 281,000 data breach notifications since the initiation of GDPR, with Germany (77,747), the Netherlands (66,527), and the U.K. (30,536) topping the list. Italy tops the list in aggregate fines with more than €69.3 million (about $84.5 million) in fines imposed since the initiation of GDPR. Germany and France stood second and third with aggregate fines of €69.1 million and €54.4 million, respectively.
Key Findings
- Around €158.5 million (about $192.80 million) of fines have been imposed since January 28, 2020, a 39% increase on the previous 20-month period since the application of GDPR.
- Double-digit growth for breach notifications for the second year running with 121,165 breaches notified since January 28, 2020, compared to 101,403 breaches notified in the previous year, a 19% increase.
- Denmark tops the rankings for data breach notifications.
- Italy has imposed the highest aggregate fines and France has imposed the highest individual fine to date.
- Regulators have not had everything their own way this year with several multi-million-euro fines being successfully appealed or significantly reduced.
- The highest GDPR fine to date remains the €50 million (about $61 million) imposed by the French data protection regulator on Google, for alleged infringements of GDPR’s transparency principle and lack of valid consent.
The research findings are based on the latest GDPR fines and data breach reports from the EU, the U.K., Norway, Iceland, and Liechtenstein.
Ross McKean, Chair of DLA Piper’s U.K. Data Protection and Security Group, said, “Fines and breach notifications continue their double-digit annual growth and European regulators have shown their willingness to use their enforcement powers. They have also adopted some extremely strict interpretations of GDPR setting the scene for heated legal battles in the years ahead. However, we have also seen regulators show a degree of leniency this year in response to the ongoing pandemic with several high-profile fines being reduced due to financial hardship.”