The General Data Protection Regulation came into effect in May 2018 and since its inception fines have been handed out for a wide range of infringements.
Data from DLA Piper’s latest GDPR Data Breach Survey reveals that regulators in the EU have imposed fines amounting to more than €114 million.
The EU countries which drew the largest amount of fines imposed were:
- Netherlands – 40 647 fines amounting to €51 million
- Germany – 37 636 fines amounting to €24.5 million
- United Kingdom – 10 516 fines amounting to €18 million
This largest single fine paid was €50 million by Google for alleged infringements of the transparency principle and lack of valid consent. The fine was imposed by the French data protection regulator.
“GDPR has driven the issue of data breach well and truly into the open. The rate of breach notification has increased by over 12% compared to last year’s report and regulators have been busy road-testing their new powers to sanction and fine organisations,” said partner at DLA Piper, Ross McKean.
Something rather interesting that has been highlight by this report is how various nations in the EU calculate fines.
“The early GDPR fines raise many questions. Ask two different regulators how GDPR fines should be calculated and you will get two different answers. We are years away from having legal certainty on this crucial question, but one thing is for certain, we can expect to see many more fines and appeals over the coming years,” said DLA Piper chairperson for international data protection practice, Patrick Van Eecke.
That last bit about more fines and appeals seems rather menacing but really that’s the nature of the beast. We suspect many EU nations are still coming to terms with enforcing the regulations.
That having been said its clear that the EU is enforcing GDPR heavily and it’s going to get worse for companies that don’t comply.[Image – CC BY 2.0 ConvertGDPR]