Italy tops GDPR penalty list with €46m worth of fines this year

Since the start of the year European Union based-companies have been sanctioned with €68 million (£61.5m) for breaching the General Data Protection Regulation (GDPR).

More that two-thirds of that has been paid over by Italian-companies, €45m. The results were released by Finbold and included the EU member states that paid the highest price fro GDPR.  This comes just after the May 25 second anniversary of the data privacy’ legislation and suggests that companies are still not getting to grips with management of private data. The figures that were made public were covering the time from January 1 2020 to August 17 2020.

From 1 January to 17 August, Italy came out on top, having been issued with €45.6 million in fines as a result of 13 separate investigations. In second place, Spain’s 76 penalties added up to €1.95m while Sweden accounts for €7.03m, and the Netherlands, with three offences racking up €2.08m. Norway, Belgium, Hungary, Finland and Ireland are also included in the top 10.

There have been no fines sanction by the Information Commissioner’s Office in the United Kingdom (UK) so it does not appear in these rankings. However, this will definitely change in the next report as they backlog of investigation halted due to the COVID19 pandemic are finally dealt with.

The main offending breach referred to it the results was “insufficient legal basis for data processing”. This means that the company completing the processing of private personal information were able able to clearly display the reason and rationale that they data for processing the information in question.

At the other end of the scale Germany has only registered a single GDPR-linked penalty in the same time period.