With the introduction in May 2018 of the European Union’s (EU) General Data Protection Regulation (GDPR), 2019 was expected to be the year of enforcement, with regulators using extended powers to set a higher bar for managing individuals’ data.
Regulatory activity certainly increased in 2019 compared to previous years. Some headline-grabbing fines were issued, with social media giants being notable recipients of some of that attention.
However, the widespread use of ‘mega fines’ did not materialize, according to research by leading cyber insurer Beazley. What was evident in 2019 was a more varied than expected approach to enforcing the new rules by different regulators.
The latest Beazley Breach Insights report analyses the actions of data protection regulators across the EU in 2019 and the impact on organizations based elsewhere that are nonetheless subject to the rules through their business structure or customer base.
While fines handed out by the Information Commissioner’s Office in the UK have been relatively rare, other European regulators have been more active. GDPR fines have been issued more regularly across Belgium, Bulgaria, France, Germany, Greece, Hungary, Italy, Lithuania, Netherlands, Norway, Poland, Romania, Spain and Sweden.
Katherine Keefe, head of Beazley Breach Response Services, said:
“In the first full year of the GDPR we have noted a varied approach to enforcing data protection rules by EU regulators alongside a general rise in regulatory activity.
“The extraterritorial provisions within the GDPR means organizations in the US and other non-EU territories may be subject to the GDPR due to having either customers or offices in countries subject to the rules. It is therefore all the more important that they track the enforcement developments to understand how they could be affected.
“Knowing how to manage and report a cyber breach helps organizations to both prevent and recover from an incident and avoid a sizeable fine if the breach is mishandled.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.