European data regulators issued €1.1 billion in GDPR fines in 2021

Getty Pictures

European information regulators issued €1.1 billion (£920 million) in GDPR fines very last 12 months, a 585% raise in comparison to 2020. 

This is according to worldwide law agency DLA Piper, which surveyed 27 EU member states, as nicely as the UK, Norway, Iceland, and Liechtenstein.

✔ Approved Seller From Our Partners

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount

The study recognized an 8% maximize in GDPR breach notifications from 2020’s regular of 331 notifications per day to 356 in 2021.

Considering that 28 January 2021, there have been about 130,000 notified own data breaches in whole, with the Netherlands acquiring the most breach notifications for every 100,000 people respectively. On the other end of the spectrum, Croatia, the Czech Republic, and Greece documented the fewest quantity of breach notifications for each capita.

Luxembourg issued the best person GDPR fine in 2021 with its €746 million wonderful levied in opposition to Amazon. It adopted by Ireland and its €225 million fine imposed in opposition to WhatsApp, and France with its €50 million good against Google. 

The UK arrived in sixth place with the £20 million fantastic imposed on British Airways for dropping the fiscal and personalized particulars of about 380,000 prospects in a cyber attack in September 2018. Since the implementation of GDPR, the UK has noted 40,026 particular info breach notifications, with 8,355 becoming described in 2020 and 9,490 in 2021 – a 13.6% maximize in a single yr.

DLA Piper’s study also determined Schrems II, based mostly on the 2020 ruling of Facts Security Commissioner v Fb Ireland Minimal, Maximillian Schrems, as the most popular GDPR compliance challenge for organisations.

The circumstance was at first brought by privacy activist Max Schrems, who claimed that Facebook was unjustified in its use of so-named ‘standard contractual clauses’ for the transfer of knowledge in between its EU headquarters and its US foundation in Silicon Valley. On 16 July 2020, the European Courtroom of Justice made a decision that the details transfer mechanism recognized as Privacy Shield was unable to shield EU residents’ info from considerable US surveillance mechanisms, creating it no extended valid less than GDPR.

Commenting on the study results, Ross McKean, chair of the UK Details Protection and Security Team reported that whilst the practically sevenfold maximize in fines may well get the headlines, it is Schrems II that “has founded alone as the prime info safety compliance problem for many organisations caught by GDPR.”

According to DLA Piper’s survey, the most widespread implications of the Schrems II judgment aren’t limited to fines and claims for payment, but also provider interruption induced by the suspension of information transfers, which McKean explained as “much more harmful and costly”.

“The target on transfers and the substantial function essential to obtain compliance inevitably signifies that organisations have significantly less time, revenue and sources to emphasis on other privacy hazards,” he added.