UK Law Company Report Discloses 91 GDPR Fines from approximately 60,000 Breach Notifications

February 13, 2019


The latest report, circulated by the UK-based international legal company DLA Piper, has disclosed that since the European Union’s General Data Protection Regulation became enforceable on May 25, 2018, nearly 60,000 data breach notifications have been informed to data protection organizations in European Union Member States.

During that period, as per the report, data protection organizations have imposed 91 fines for GDPR breaches. Nevertheless, these fines were not all linked to disclosing private personal information. For example, Google was the firm subjected to the maximum fine, €50 million, by the French data protection authority (CNIL) in relation to processing personal data for publicizing purposes without first getting the approval required under the new EU law.

Other fines included in the lately released report include a €20,000 GDPR fine for a German business that failed to hash its workers’ passwords and a company in Austria which was fined €4,800 for too much use of CCTV cameras that keep watch on a public passageway. Other findings in the report comprise the fact that the Netherlands was the EU country with the most grievances at 15,000, followed closely by Germany with 12,500 and the UK with 10,600 reports.

It should be noted, however, that a huge surge in GDPR fines is expected in 2019 as watchdogs and data protection authorities become more familiar with the new system and start the procedure of assessing each report. This surge was previously predicted by Raegan MacDonald, Senior Policy Manager and EU Principal for Mozilla.

The DLA Piper report states that: “Watchdogs are busy and have a large accumulation of notified breaches in their inboxes. Unavoidably the larger headline-grabbing breaches have taken priority when assigning resources, so many companies are still waiting to hear from watchdogs whether any action will be taken against them in relation to the breaches they have informed.”

Speaking at the introduction of the report, Sam Millar, a partner at DLA Piper specializing in cyber and large scale investigations stated: “The watchdogs have already begun to flex their muscles with 91 GDPR fines imposed so far but the penalty against Google is a landmark moment and is noteworthy partly because it’s not linked to personal data breach. We anticipate that watchdogs will treat data breach more severely by imposing higher penalties given the more acute risk of harm to people. We can expect more penalties to follow over the coming year as the watchdogs clear the backlog of notices.” You can read the full report here.

With the tendency identified implying that there will be a continuous rise in GDPR breach notifications and a succeeding rise in GDPR penalties being applied, there is a clear opportunity for companies to increase their reputation among prospective clients by bolstering their data protection measures and avoiding any GDPR breaches.