GDPR Regulators Have Imposed $126M In Fines Thus Far, Finds Survey
A new survey by international law firm DLA Piper has revealed that data protection regulators in the European Economic Area (EEA) have imposed a total of €114 million (about US$126 million / £97 million) in fines for data breaches and other violations of the General Data Protection Regulation (GDPR) since its implementation in May 2018.
The survey, which covers the period from May 25, 2018 to January 27, 2020, found that France, Germany and Austria accounted for the highest values of fines imposed by regulators at €51 million, €24.5 million and €18 million, respectively. The most common types of GDPR breaches were insufficient legal basis for data processing, lack of transparency and information to data subjects, and inadequate security measures.
The survey also reported that data protection authorities in the EEA received more than 160,000 personal data breach notifications during the same period, with the Netherlands, Germany and the UK topping the list with 40,647, 37,636 and 22,181 notifications, respectively.
However, the survey did not include the proposed fines of £183 million and £99 million against British Airways and Marriott International, Inc., respectively, by the UK Information Commissioner's Office (ICO), as they have not been finalized or imposed yet. The ICO announced these fines in July 2019 as a result of two major data breaches that affected millions of customers.
The authors of the survey noted that the relatively low and infrequent fines imposed so far under the GDPR regime do not reflect a lack of enforcement activity by the regulators, but rather the time and resources required to build robust cases to justify higher fines. They also predicted that more multi-million Euro fines will be seen in the coming year as supervisory authorities across Europe ramp up their enforcement teams and get to grips with the new regime.
The GDPR is a comprehensive data protection law that applies to all organizations that process personal data of individuals in the EEA, regardless of their location or size. It grants individuals various rights over their personal data, such as the right to access, rectify, erase, restrict and port their data. It also imposes strict obligations on data controllers and processors to ensure that they process personal data lawfully, fairly and transparently, and that they implement appropriate technical and organizational measures to protect personal data from unauthorized or unlawful access, loss, destruction or damage. The GDPR also empowers data protection authorities to impose administrative fines of up to €20 million or 4% of the global annual turnover of an organization, whichever is higher, for non-compliance.
The survey highlights the importance of complying with the GDPR and ensuring that personal data is handled securely and responsibly. Organizations that fail to do so may face not only hefty fines but also reputational damage and loss of customer trust.