The European Union’s General Data Protection Regulation (GDPR) is proving to be more than some good intentions and lots of website privacy popups. It’s got teeth, too. A recent report by the law firm DLA Piper says that EU regulators have imposed more than €114 million, or US$127 million, in fines for data breaches. The report’s authors comment that the sum “is quite low given that supervisory authorities enjoy the power to fine up to 4% of total worldwide annual turnover of the preceding financial year. France, Germany and Austria top the table for the total value of GDPR fines imposed to date with €51 million, €24.5 million and €18 million respectively.”
The report, entitled “DLA Piper GDPR Data Breach Survey 2020,” notes that the Netherlands, Germany and the UK had the most data breaches notified in the 20 months from 25 May 2018 to 27 January 2020, with 40,647, 37,636 and 22,181 respectively. The same three countries also topped the table for the total number of breach notifications in last year’s report. The countries with the fewest breaches notified for the full 20-month period were Latvia, Cyprus and Liechtenstein, with around 173, 94 and 30 respectively.
The report cautions that while the fines so far have been fairly gentle, “It would be unwise to assume that low and infrequent fines will be the norm going forward. Supervisory authorities across Europe have been staffing up their enforcement teams and getting to grips with the new regime. It takes time to build a robust case to justify higher fines. We expect to see more multi million Euro fines in the coming year.” Consider yourself forewarned.