EU Fines For GDPR Breaches Increase Fivefold
European data regulators issued €1.1 billion (£920 million) in General Data Protection Regulation (GDPR) fines last year, a 585% increase compared to 2020. This is almost 20 times higher than the combined total of Q1 and Q2, and triple the total amount of fines in all of 2020.
Leading law firm DLA Piper surveyed 27 EU member states, as well as the UK, Norway, Iceland, and Liechtenstein. The survey identified an 8% increase in GDPR breach notifications from 2020’s average of 331 notifications per day to 356 in 2021.
Since 28 January 2021, there have been over 130,000 notified personal data breaches in total, with the Netherlands having the most breach notifications per 100,000 people respectively. On the other end of the spectrum, Croatia, the Czech Republic, and Greece reported the fewest number of breach notifications per capita.
The highest GDPR fine to date is the one imposed by the Luxembourg National Commission for Data Protection (CNDP) for €746 million on the online based retailer, Amazon, the biggest fine so far for non-compliance with the GDPR. This is more than 14 times higher than the previous largest GDPR fine (EUR50 million) imposed by France on Google.
The UK came in sixth place with a £20m fine against British Airways for losing the financial and personal details of around 380,000 customers in a cyber-attack in 2018.
Since 28 January 2021, there have been over 130,000 personal data breaches notified to regulators - on average 356 breach notifications per day, an 8% increase on last year’s daily average of 331 notifications per day.
Commenting on the survey findings, Ross McKean, chair of the UK Data Protection and Security Group said that although the nearly sevenfold increase in fines may grab the headlines, According to DLA Piper’s survey, the most common implications aren’t limited to fines and claims for compensation, but also service interruption caused by the suspension of data transfers, which McKean described as “much more damaging and costly”.”
EU Data Protection Board: Bloomberg: ITPro: Pymnts: DLA Piper: RemarkBoard:
You Might Also Read:
The Effects Of GDPR On EU / US Relations: