Business

Policy

EU've been naughty: GDPR has netted bloc €114m in fines since 2018

France, Germany and Austria house the most offenders – survey


EU regulators have slapped businesses with an estimated €114m (£97.29m) in fines for data leakage or crappy practices since GDPR was introduced in May 2018, although bigger numbers are expected in future penalties.

Regulators in France, Germany, and Austria reported the biggest fines so far, according to a report by law firm DLA Piper. More than 160,000 breaches have been reported across EU member states plus Norway, Iceland and Liechtenstein. The latter three are all members of the European Economic Area but not full EU members.

France was responsible for the heftiest financial penalty, hitting Google with a €50m bill for infringement of the transparency principle and lack of valid consent.

The Netherlands reported the largest number of offenders, with 40,647 breaches notified to regulators. Germany came in second with 37,636 notifications, and Britain came in third with 22,181.

The UK's Information Commissioner's Office has already announced its intention to fine British Airways £183m for computer attacks that exposed 500,000 customers' data last year, and hotel chain Marriott £99m over a cyber attack in which hackers stole the record of 339 million guests.

GDPR was established to protect privacy by imposing restrictions on how companies use and protect customers' data. The legislation gave regulators the power to fine companies as much as 4 per cent of global annual revenues for serious violations.

The fines so far are small in comparison to the EU's anti-trust cases, which last year alone stung Google with a record €4.3bn fine over the Android mobile OS. Yet GDPR fines are likely to rise as they establish legal precedents, according to Ross McKean, a partner at DLA Piper specialising in cyber and data protection.

"The total amount of fines of €114m imposed to date is relatively low compared to the potential maximum fines that can be imposed under GDPR, indicating that we are still in the early days of enforcement," he said in a statement. "We expect to see momentum build with more multimillion-euro fines being imposed over the coming year as regulators ramp up their enforcement activity." ®

Send us news
35 Comments
Get our Weekly newsletter

Keep Reading

Keep Reading

Tech Resources

5 Big Myths of AI and Machine Learning Debunked

Despite the numbing buzz around artificial intelligence (AI) and machine learning (ML), it’s more than abstract ideas and hypothetical applications. AI and ML are already powering tools that can give your business decision-making processes a massive upgrade. The technology is here, it’s already proving itself in the market, and it’s increasingly being built with business in mind. The myths around artificial intelligence can get pretty dense, so we’ve taken five of the biggest and dissected them to help you understand the truth about today’s AI landscape.

NVIDIA Ampere for Professional Workloads

During GTC Fall 2020, NVIDIA announced the NVIDIA RTX A6000 and the NVIDIA A40 GPUs based on the NVIDIA Ampere architecture.

Toolkit: Getting Started with Vulnerability Risk Management

Reducing risk across your complete, modern attack surface is no small undertaking, but you don’t have to go at it alone.

Things to Know When Assessing, Piloting, and Deploying GPUs

Creating a large-scale environment that utilizes GPUs takes planning, piloting, implementing at scale, and, finally, evaluation.