Since the EU’s GDPR came into full effect in May 2018, European data protection authorities have received more than 160,900 data breach reports, according to a new report by law firm DLA Piper. The figure represents an increase of 2.6 percent compared to the first eight months of the GDPR.
But the real story is that 114 million euros ($126 million) in fines have been imposed so far.
The GDPR came into force as a powerful European data privacy law with the ability to fine companies up to 4 percent of their global annual revenue. It’s also a model for the rest of the world on how to regulate the unchecked flow of personal information enabled by today’s heavyweight tech companies.
The largest fine resulting from the law was the 50 million euro punishment ($57 million) on Google in France for a lack of transparency. (To put that figure in context, Google’s parent company Alphabet was recently valued at $1 trillion.) However, the law firm’s study did not count the proposed 183 million pound ($238 million) fine on IAG, which owns British Airways in the UK. If carried out, that would be a record fine.
GDPR: Maximum Penalties are Serious
Clearly, however, GDPR has been reshaping the data breach and privacy discussion in Europe, says Ross McKean, a partner at DLA Piper who specializes in cyber and data protection, although regulators have yet to use their full fining power.
The total amount of fines of €114 million imposed to date is relatively low compared to the potential maximum fines that can be imposed under GDPR, indicating that we are still in the early days of enforcement,
However, McKean predicts that multi-million euro fines will become more common in the coming year as regulators build on past enforcement efforts and find their footing.
Source: Engadget UK, Bank Info Security