Law firm DLA Piper has published a report that shows European Union-based businesses paid fines totalling €272.5m ($329m) for an extensive list of breaches of the General Data Protection Regulation (GDPR) since it was first introduced on May 25 2018.
The aggregate daily rate of breach notifications in Europe registered double-digit growth for the second consecutive year, with 331 notifications per day since 28 January 2020, a 19% increase compared to 278 breach notifications per day for the previous 12 months.
The report comments that there is widespread evidence of a continuing “failure to implement appropriate security measures”. This is one of the chief factors behind the continued growth in GDPR fines. In the two years since GDPR became enforceable, it has gradually become apparent what data protection authorities deem appropriate behaviour under the regulation. It is now becoming easier for companies to achieve full GDPR compliance as regulators' expectations become clearer. These include: ongoing monitoring of privileged user accounts and of databases that hold personal information, server security measures that safeguard administrator accounts, and encryption and multi-factor authentication to secure access and files.
To prevent staff members from doing something that may lead to a GDPR breach, it is wise to provide ongoing training on what is permissible when handling personal data. This, together with giving new members of staff an onboarding session on GDPR, will go a long way towards helping companies avoid GDPR penalties.
The GDPR penalties were paid by companies based across the 27 EU member states plus the UK, Norway, Iceland and Liechtenstein. The largest proportion was paid by companies based in Italy (€69.3m), followed closely by Germany (€69.1m) and France (€54.4m).
Other figures revealed in the report include:
- 281,000 GDPR data breach notifications have been issued.
- This total comprised Germany (77,747), the Netherlands (66,527), the UK (30,536), France (5,389) and Italy (3,460).
- Companies in Europe have paid €272.5m ($329m) in fines.
- The highest single GDPR fine is €50m, issued against Google by the French data protection regulator CNIL.
- Two GDPR penalties in the UK were reduced from £282m in total to £28.4m.
- Denmark had the highest number of reported breaches per 100,000 people, at 155.6 per 100,000; other countries registered the following results:
  - Netherlands 155.6
  - Ireland 127.8