Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

EU've been naughty: GDPR has netted bloc €114m in fines since 2018

France, Germany and Austria house the most offenders – survey

EU regulators have slapped businesses with an estimated €114m (£97.29m) in fines for data leakage or crappy practices since GDPR was introduced in May 2018, although bigger numbers are expected in future penalties.

Regulators in France, Germany, and Austria reported the biggest fines so far, according to a report by law firm DLA Piper. More than 160,000 breaches have been reported across EU member states plus Norway, Iceland and Liechtenstein. The latter three are all members of the European Economic Area but not full EU members.

France was responsible for the heftiest financial penalty, hitting Google with a €50m bill for infringement of the transparency principle and lack of valid consent.

The Netherlands reported the largest number of offenders, with 40,647 breaches notified to regulators. Germany came in second with 37,636 notifications, and Britain came in third with 22,181.

The UK's Information Commissioner's Office has already announced its intention to fine British Airways £183m for computer attacks that exposed 500,000 customers' data last year, and hotel chain Marriott £99m over a cyber attack in which hackers stole the record of 339 million guests.

GDPR was established to protect privacy by imposing restrictions on how companies use and protect customers' data. The legislation gave regulators the power to fine companies as much as 4 per cent of global annual revenues for serious violations.

The fines so far are small in comparison to the EU's anti-trust cases, which last year alone stung Google with a record €4.3bn fine over the Android mobile OS. Yet GDPR fines are likely to rise as they establish legal precedents, according to Ross McKean, a partner at DLA Piper specialising in cyber and data protection.

"The total amount of fines of €114m imposed to date is relatively low compared to the potential maximum fines that can be imposed under GDPR, indicating that we are still in the early days of enforcement," he said in a statement. "We expect to see momentum build with more multimillion-euro fines being imposed over the coming year as regulators ramp up their enforcement activity." ®

 

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like