€114m in fines and more than 160,000 General Data Protection Regulation (GDPR) data breach notifications have been registered by data protection authorities in the European Union since the legislation became enforceable on May 25 2018. Experts predict that this figure will climb quickly as breaches continue to be settled during 2020.
Specialist law firm DLA Piper released the figures this week following its GDPR Data Breach Survey. Ross McKean, partner at DLA Piper specialising in cyber and data protection, stated: “GDPR has driven the issue of data breach well and truly into the open. The rate of breach notification has increased by over 12 per cent compared to last year’s report and regulators have been busy road-testing their new powers to sanction and fine organisations.”
He added: “The total amount of fines of €114m imposed to date is relatively low compared to the potential maximum fines that can be imposed under GDPR, indicating that we are still in the early days of enforcement. We expect to see momentum build with more multi-million Euro fines being imposed over the coming year as regulators ramp up their enforcement activity.”
Since GDPR came into force in May 2018, data protection agencies in every EU Member State have had the power to apply these fines against organisations found responsible for data breaches. The range of penalties goes as high as €20m or 4% of annual global revenue for the previous financial year, whichever figure is higher.
More recently we have seen other EU Member States issue GDPR fines, indicating that there will be a sharp rise in the number of GDPR penalties applied as these bodies become stricter in applying the rules.
It is now clear that EU Member State data protection bodies are eager to apply stringent financial penalties for every type of GDPR breach. Companies that are still uncertain whether they are GDPR compliant need to implement measures to address this.