Data protection regulators have imposed $126 million (EUR114 million) in fines under the GDPR regime for a wide range of GDPR infringements, not just for data breaches.
According to the DLA Piper’s latest GDPR Data Breach Survey, France, Germany and Austria top the rankings for the total value of GDPR fines imposed with just more than $56.5 million, $26.1 million and $19.9 million respectively. The Netherlands, Germany and the UK topped the table for the number of data breaches notified to regulators with 40,647, 37,636 and 22,181 notifications each.
For the period from May 25, 2018 to January 27, 2019 there were on average 247 breach notifications per day. For the period from January 28, 2019 to January 27, 2020 there were on average 278 breach notifications per day (a 12.6 percent increase), so the current trend for breach notifications is upwards.
The highest GDPR fine to date was $55.4 million imposed by the French data protection regulator on Google, for alleged infringements of the transparency principle and lack of valid consent, rather than for a data breach. Following two high profile data breaches, the UK ICO published two notices of intent to impose fines in July 2019 of $366 million although neither of these were finalized as at the date of this report.
Commenting on the 2020 report, Ross McKean, a partner at DLA Piper specializing in cyber and data protection, said: “GDPR has driven the issue of data breach well and truly into the open. The rate of breach notification has increased by over 12 percent compared to last year’s report and regulators have been busy road-testing their new powers to sanction and fine organizations”.
Patrick Van Eecke, chair of DLA Piper’s international data protection practice, said, “The early GDPR fines raise many questions. Ask two different regulators how GDPR fines should be calculated and you will get two different answers. We are years away from having legal certainty on this crucial question, but one thing is for certain, we can expect to see many more fines and appeals over the coming years”.
This announcement originally appeared in Security Magazine.