#Privacy: European authorities have imposed €114m in fines under GDPR 

Since GDPR came into effect, over 160,000 data breach notifications have been reported across the 28 European Union Member States, as well as Norway, Iceland and Liechtenstein. 

According to DLA Piper’s latest GDPR Data Breach Survey, EU data protection regulators have imposed fines totalling €114 million for a range of GDPR infringements.

France, Germany and Austria received the most GDPR fines, with just over €51 million, €24.5 million and €18 million respectively. 

The majority of France’s total fines was issued to Google by the French data protection regulator for alleged infringements of the transparency principle and lack of valid consent. 

The Netherlands, Germany and the UK topped the rankings for the number of data breaches notified to regulators with 40,647, 37,636 and 22,181 notifications each. 

The survey revealed that the daily rate of breach notifications increased from 257 notifications per day for the first eight months of GDPR from May 25, 2018 to January 29, 2019 to 278 breach notifications per day for the current year, an increase of 12.6%.

The results were also weighed against country populations, to which it was discovered that The Netherlands had 147.2 reported data breaches per 100,000 people, up from 89.8 per 100,000 people last year. 

Of the 27 countries that provided data on breach notifications, Italy, Romania and Greece reported the fewest number of breaches per capita. It should be noted that Italy, a country with a population of over 62 million, only recorded 1,886 data breach notifications, thus illustrating the cultural differences in approach to data breach notification. 

The UK’s Information Commissioner’s Office (ICO) published two notices of intent to impose fines in July 2019 totalling £282 million, following two high profile data breaches. However, these notices have yet to be finalised. 

Ross McKean, partner at DLA Piper specialising in cyber and data protection said: “GDPR has driven the issue of data breach well and truly into the open. The rate of breach notification has increased by over 12% compared to last year’s report and regulators have been busy road-testing their new powers to sanction and fine organisations.  

“The total amount of fines of €114 million imposed to date is relatively low compared to the potential maximum fines that can be imposed under GDPR, indicating that we are still in the early days of enforcement.  We expect to see momentum build with more multi-million Euro fines being imposed over the coming year as regulators ramp up their enforcement activity.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/