The General Data Protection Regulation (GDPR) continues to bring hefty fines and penalties for businesses and organizations across European countries, even two years after coming into force.
According to data presented by BuyShares.co.uk, the United Kingdom tops the list of the most expensive data breach penalties with EUR132.7 million in total value of GDPR fines, more than Germany and Italy combined.
Cumulative Value of GDPR Fines Hit EUR344 Million, a EUR119 Million Increase in 2020
The primary reason for such a high cumulative value of GDPR fines in the United Kingdom is the data breach penalty imposed on Marriott International by the UK's data protection authority, the ICO. In November 2018, the American multinational company was fined EUR110.4 million after reporting a cyber incident that exposed nearly 340 million guest records.
Last week, the ICO fined British Airways EUR22 million for failing to protect the personal and financial details of more than 400,000 of its customers, the second-largest GDPR fine in the United Kingdom. The penalty is considerably smaller than the EUR204.6 million that the ICO initially said it intended to issue back in 2019 after the Magecart group used card skimming to collect the personal and payment information of British Airways' customers.
Far below the United Kingdom, Germany ranked as the second-leading country in Europe with EUR61.6 million in the cumulative value of GDPR fines, according to the GDPR Enforcement Tracker data. On October 1st, 2020, H&M Hennes & Mauritz Online Shop was fined EUR35.2 million for an insufficient legal basis for data processing, the severest GDPR penalty in the country.
The Italian data protection authority (Garante) has imposed EUR57.3 million worth of GDPR fines so far, ranking in third place among European countries. On January 15th, 2020, telecommunications operator TIM was fined EUR27.8 million for unlawful data processing, a non-compliant aggressive marketing strategy, and invalid collection of consents, the steepest penalty in Italy.
France ranked fourth among the European countries with EUR51.3 million worth of GDPR fines. Austria, Sweden, and Spain follow, with EUR18 million, EUR7 million, and EUR3.9 million, respectively.
Statistics indicate the cumulative value of GDPR fines and penalties hit over EUR344 million in October, with almost EUR119 million worth of new fines imposed in 2020.
Top Five GDPR Penalties Account for 70% of Cumulative Fine Value
Behind Marriott's EUR110.4 million GDPR fine, Google holds second place on the list of the highest data breach penalties. The US tech giant was fined EUR50 million by France's data protection regulator, CNIL, for not providing enough information to users about its data consent policies and the control they have over how their data is used.
H&M Hennes & Mauritz Online Shop ranked third on this list with a GDPR fine worth EUR35.2 million. Italian telecommunications operator TIM and British Airways round out the top five with EUR27.8 million and EUR22 million, respectively.
Statistics show the five biggest data breach penalties cost more than EUR245 million, or 70% of cumulative GDPR fine value.
The full story can be read here: https://buyshares.co.uk/uk-imposed-e132-million-worth-of-gdpr-fines-more-than-germany-and-italy-combined/
Contact: Adam Grunwerg
Psychic Ventures Ltd
St Magnus House
3 Lower Thames Street