Skip to main content

Majority of GDPR penalties issued as a result of these two problems

(Image credit: Pixabay)

Most of the fines issued as a result of GDPR infractions came down to two main problems, a new report from Exonar has revealed.

So far, businesses across Europe have paid more than $620 million in fines under GDPR, with two thirds (65 percent) stemming from security and data storage issues.

According to Exonar, 39 percent ($244 million) of GDPR-related fines were due to insufficient security, with affected companies including British Airways, Active Assurances and DSK Bank.

More than a quarter of all fines ($159 million), meanwhile, were dished out as a result of unsecured and over-retained data. Marriott, Deutsche Wohnen and 1&1 Telecom were among the high-profile companies fined for this type of error.

Other notable problems include the unlawful use of personally identifiable information and failure to comply with Data Subject Access Requests (DSAR), which were responsible for almost a fifth (19 percent) of fines.

The remaining 16 percent ($99 million) came down to a range of issues, including Uber’s failure to report a breach fast enough, Unicredit’s incorrect sharing of data and H&M’s unlawful use of employee data.

“Nearly 65 percent of GDPR fines were caused because of insufficient security and storing unsecured data,” said Danny Reeves, Exonar CEO.

“Securing your data first can play a vital role in not only meeting GDPR standards but also help mitigate the risk of the insufficient security - as it will be harder for hackers to access any data in the event of a breach.”

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.