Since the GDPR came into effect in May 2018, European regulators have been testing out their new powers, imposing fines for a wide variety of infringements.
According to a new report from law firm DLA Piper, European data protection regulators have imposed more than €158m in fines since 28 January 2020.
This figure is almost a 40pc increase on the previous 20-month period, bringing the total amount to more than €272m in fines since May 2018.
The annual GDPR fines and data breach survey examined the number of data breaches notified by each country as well as the value of fines issued. It noted some limitations where details of breach notification statistics were not made publicly available.
The survey found that Europe saw an average of 331 breach notifications per day in the last 12 months. This is a 19pc increase on the previous year’s average of 278 notifications per day.
In Ireland, more than 6,600 data breaches were notified to the Irish Data Protection Commission in the last 12 months.
This ranks Ireland as the third highest country for data breaches on a per capita basis and sixth overall. While Germany had the highest number of breaches overall, Denmark took the top spot for highest number of breaches per capita.
However, the total value of fines issued in Ireland was much lower than its European counterparts.
Ireland issued €715,000 worth of GDPR fines since May 2018, ranking 14th for highest monetary value. Meanwhile Germany and Italy both issued a total of more than €69m in fines.
While France ranks third in terms of total value of fines since May 2018 at €54m, it still holds the top spot for the largest single GDPR fine issued.
In January 2019, France’s data protection authority CNIL (Commission Nationale de l’Informatique et des Libertés) hit Google with a €50m fine for allegedly breaking EU privacy laws.
In October 2020, Germany became the country to issue the second highest GDPR fine to date, when it fined retailer H&M €35m for storing data on staff health and religious beliefs.
‘Testing their powers’
Chair of DLA Piper’s UK Data Protection and Security Group noted that fines and breach notifications continue to grow in double-digit percentages, with European regulators showing their willingness to use their enforcement powers.
“They have also adopted some extremely strict interpretations of GDPR setting the scene for heated legal battles in the years ahead,” he said. “During the coming year we anticipate the first enforcement actions relating to GDPR’s restrictions on transfers of personal data to the US and other ‘third countries’ as the aftershocks from the ruling by Europe’s highest court in the Schrems II case continue to be felt.”
John Magee, intellectual property and technology partner at DLA Piper Ireland said regulators have been “testing the limits of their powers this year” but noted that things haven’t always gone their way.
One high-profile data breach at the Marriott Hotel resulted in the UK’s data watchdog threatening a fine of more than £99m before a significant climbdown to less than £20m. Meanwhile, in Austria, an €18m fine imposed by its data regulator was successfully appealed in December 2020.
“Given the large sums involved and the risk of follow-on claims for compensation we expect to see the trend of more appeals and more robust defences of enforcement action to continue,” said Magee.
The post European regulators imposed €158m in GDPR fines in the last year appeared first on Silicon Republic.