It’s been a year and a half since General Data Protection Regulation (GDPR) came into force, and in this year alone, companies have been fined in the millions for various data breaches.
According to PreciseSecurity analysis, the top ten biggest GDPR fines combined amount to $443.7 million. The three biggest data breaches make up almost 90 per cent of this sum.
The biggest fine went to British Airways, which got fined $225.16m for a data breach which saw financial details and sensitive personal information of its customers obtained by hackers over a two-week period. It was determined that the Magecart group used card skimming to harvest the data of up to half a million users.
The number two spot goes to Marriott International. The accommodation giant was fined in November 2018, after a breach which saw personal data of 339 million of its guests stolen. It was later determined that the breach was made possible through a company that Marriott bought earlier.
The world’s most popular search engine, Google, sits in number three, with a $55 million fine. France’s communications watchdog CNIL issued the fine after concluding that Google wasn’t clear enough about its data consent policy, and did not give its users enough control over their data.
The top three highest data breach penalties in 2019 have caused a financial cost of roughly $400 million.
GDPR was created to make sure organisations gather, store, protect and share the information they have on EU citizens in a lawful, ethical way.