Last year, the data protection authorities in the EEA imposed 190 fines totalling over €410,000,000, according to a new report by Federprivacy.
The study analyzed official sources of information in the 30 countries that make up the European Economic Area (EEA). The most active data protection authority was Italy's (GPDP) with 30 actions in 2019, followed by Spain's (AEPD) with 28 and Romania's (ANSPDCP) with 20. The strictest was the UK's (ICO), with €312,000,000 in sanctions (76% of the total).
No sanctions have been imposed in some countries, including Ireland and Luxembourg. These countries host the European head offices of the majority of foreign corporations that process personal data on a massive scale.
Federprivacy Chairman Nicola Bernardi said:
“Even though GDPR has laid the groundwork for more consistent legislation in the EU about personal data protection, the report points out a double standard in imposing sanctions among the authorities.
“The one in the UK, for example, has already fined British Airways and Marriott heavily, while in Ireland no sanction has been imposed yet, even though there are huge technological corporations in this country. We hope that this ‘one stop shop’ system will not unfairly favour corporations like Facebook, Twitter, Amazon and Google. We await the outcome of 19 different investigations in Ireland,” Bernardi added.
The most frequently fined violations are: illicit use of personal data (44%), poor security (18%), absent or inadequate information (9%), lack of respect for the rights of the people involved (13%), and computer accidents or other data breaches (9%).