Regulators in the European Union imposed $126 million worth of fines to businesses across the EU (and wider), for breaching General Data Protection Regulation (GDPR) last year.
This is according to the latest figures by DLA Piper, which says that the fines were not imposed just for data breaches, but for a “wide range of GDPR infringements”.
In total, most infringements occurred in the Netherlands (40,647), Germany (37,636) and the UK (22,181). The Netherlands have also had the highest number of breaches per capita (147.2 breaches per 100,000 people). Ireland and Denmark came in second and third.
Highest fines, in total, happened in France, Germany and Austria with $56.5m, $27.2m and $20 million, respectively, with the UK ranked at number 11.
The report also says that the number of reported breaches grew by roughly 12 per cent – daily. In the first few months of GDPR (from May 2018 to January 2019), there had been 247 reports daily. After January 2019, businesses had reported 278 breaches every day.
The highest GDPR fine was still the $55.4m one that the French CNIL imposed on Google.
"GDPR has driven the issue of data breach well and truly into the open,” commented Ross McKean, a partner at DLA Piper specialising in cyber and data protection.
“The rate of breach notification has increased by over 12 per cent compared to last year’s report and regulators have been busy road-testing their new powers to sanction and fine organisations."
"The total amount of fines of €114 million imposed to date is relatively low compared to the potential maximum fines that can be imposed under GDPR, indicating that we are still in the early days of enforcement. We expect to see momentum build with more multi-million Euro fines being imposed over the coming year as regulators ramp up their enforcement activity.”