EUR272.5 million in fines imposed by European regulators under GDPR - Survey by international law firm DLA Piper

en

Double digit growth for breach notifications for the second year running with 121,165 breaches notified since 28 January 2020 compared to 101,403 breaches notified in the previous year – a 19% increase.

<< Back
19/01/2021 |
  • dla piper rgb

EUR272.5 million (about USD332.4 million / GBP245.3 million) of fines have been imposed for a wide range of infringements of Europe’s tough data protection laws according to international law firm DLA Piper.  The figure is taken from the law firm’s latest annual General Data Protection Regulation (GDPR) fines and data breach report of the 27 European Union Member States plus the UK, Norway, Iceland and Liechtenstein. 
 
Luxembourg reported 920 data breaches notified to regulators, ranking it 18 overall in the survey. It has issued no fines to date. Italy’s regulator tops the rankings for aggregate fines having imposed more than EUR69.3 million (about USD84.5 million / GBP 62.4 million) since the application of GDPR on 25 May 2018.  Germany and France came second and third with aggregate fines of EUR69.1 million and EUR54.4 million respectively.   
 
In aggregate there have been more than 281,000 data breach notifications since the application of GDPR on 25 May 2018 with Germany (77,747), The Netherlands (66,527) and the UK (30,536) topping the table for the number of data breaches notified to regulators.  France and Italy, countries with populations over 67 million and 62 million people respectively, only recorded 5389 and 3460 data breach notifications for the same period illustrating the cultural differences in approach to breach notification.    
 
The aggregate daily rate of breach notifications in Europe experienced double digit growth for the second year running with 331 notifications per day since 28 January 2020, a 19% increase compared to 278 breach notifications per day for the previous year.   
  
Weighting the results against country populations, Denmark takes pole position this year ahead of The Netherlands with 155.6 and 150 reported breaches per 100,000 people respectively.  Ireland is in third place with 127.8 reported breaches per 100,000 people. Greece, Italy and Croatia reported the fewest number of breaches per capita since 28 January 2020.   
 
The highest GDPR fine to date remains the EUR50 million (about USD61 million / GBP45 million) imposed by the French data protection regulator on Google, for alleged infringements of GDPR’s transparency principle and lack of valid consent.   
 
Following two high profile data breaches, the UK Information Commissioner’s Office (ICO) published two notices of intent to fine in July 2019 totaling GBP282 million (about EUR313 million / USD382  million).  However in a significant climbdown by the UK regulator, the final fines imposed in October 2020 were greatly reduced to GBP20 million (about EUR22.2  million / USD27.1 million) and GBP18.4 million (aboutEUR20.4 million /USD25 million).  The Austrian supervisory authority suffered a setback when its EUR18 million fine (about GBP16.2 million / USD22 million) was successfully appealed in December 2020.  
 
Commenting on the report, Olivier Reisch, Partner of DLA Piper’s Luxembourg Intellectual Property & Technology, said: "Fines and breach notifications continue their double digit annual growth and European regulators have shown their willingness to use their enforcement powers.  They have also adopted some extremely strict interpretations of GDPR setting the scene for heated legal battles in the years ahead.  However we have also seen regulators show a degree of leniency this year in response to the ongoing pandemic with several high profile fines being reduced due to financial hardship.  During the coming year we anticipate the first enforcement actions relating to GDPR’s restrictions on transfers of personal data to the US and other “third countries” as the aftershocks from the ruling by Europe’s highest court in the Schrems II case continue to be felt." 
 
Ewa Kurowska-Tober, Global Co-Chair of DLA Piper's Data Protection & Security Group, said "Regulators have been testing the limits of their powers this year issuing fines for a wide variety of infringements of Europe’s tough data protection laws.  But they certainly haven’t had things all their own way with some notable successful appeals and large reductions in proposed fines.  Given the large sums involved and the risk of follow-on claims for compensation we expect to see the trend of more appeals and more robust defences of enforcement action continue."   

Back to top  | << Back

Communiqués liés

Arnaud Delestienne LuxSE web
03/03/2021

LuxSE and Origin complete very first, fully digital listing ...

The Luxembourg Stock Exchange (LuxSE) and London-based fintech company Origin ha...

Bourse de Luxembourg
Bâloise-Assurances-Luxembourg

Une nouvelle assurance All-in arrive sur le marché des chan...

AlliA Insurance Brokers et ses partenaires Bâloise Luxembourg, CFDP et Trustbui...

BÂLOISE LUXEMBOURG
Fundrock
03/03/2021

FundRock breaks through the €100 billion AUM ceiling

FundRock, a leading European third-party UCITS Management Company (“ManCo”),...

Apex
DRESCHER Jean-Philippe 9195 carre-1800
03/03/2021 Personnalités

Jean-Philippe Drescher rejoint Kleyr Grasso

Le 1er mars 2021, Jean-Philippe Drescher a rejoint le département Corporate Fi...

Kleyr Grasso
GettyImages-175138288 16030 0Previewlarge
03/03/2021

Income tax returns 2020: Get advice from experts

As you may have heard from the news, the government has extended the filing dead...

Grant Thornton
6U CubeSat Platform rendering - source ISISPACE (002)
02/03/2021

Kleos franchit une étape clé du développement de satellit...

Les satellites entrent maintenant en phase d’assemblage avec ISISPACE pour un ...

Kleos Space S.A.

Il n'y a aucun résultat pour votre recherche

We use cookies to ensure the best experience on our website. By accepting you agree the use of cookies. OK Learn more