European privacy regulators have issued just under €1.1 billion in fines over the past year to companies that did not comply with GDPR privacy guidelines.
Since the GDPR entered into force, it has been mandatory to report data breaches to the competent authority. The number of reports has increased enormously since then, and so has the size of the fines.
These "monster fines" imposed by national regulators can amount to as much as 2% of the global annual turnover. Companies operating in several European countries may even face such fines per country! And even worse: for very serious infringements of the GDPR legislation, the fine can be increased to 4% of the worldwide annual turnover.
From the very beginning, it was clear that this legislation was very strict and rigorous. The key question, however, was: what about enforcement? Or: how hot is the soup actually eaten? Warm… and sometimes even hot!
Overview of GDPR fines
After a transition period in which privacy regulators promised to spare companies, fines are now imposed more often, and they are higher too.
These trends have not escaped Datanews either. In this fascinating blog post with the revealing title "Privacy regulators gain momentum", they discuss a report by the law firm DLA PIPER, which calculates that more than 1 billion euros' worth of fines have been imposed in the past year!
The highest individual fine to date was issued by the Luxembourg regulator to AMAZON and amounted to a record sum of EUR 746 million!
But the Belgian regulator is also hitting out more and more often. In 2022, IAB Europe was fined €250,000 for the lack of a (sufficient) legal basis for certain data processing activities.
TIP: this website keeps track of the GDPR fines of all European countries and allows the visitor to apply all kinds of filters and sorting. Have a look regularly!
While you are working hard to better integrate the GDPR into your business processes and operations, it is smart to also have a plan B for when Murphy does show up.
All our cyber insurance packages include professional specialist services and coverages to assist you in this regard, such as:
- Active Hotline, including legal support by AFFLUO (Johan Vandendriessche). Upon notification of an incident, it is immediately assessed whether GDPR is involved, and in what way. After all, you only have 72 hours to take the right steps!
- Administrative obligations & fines. In all our policies, GDPR-related fines are also included in the insured capital.
- Informing all stakeholders if a cyber incident in your company also impacts the integrity of personal or corporate data.
- If you have subscribed to the "Legal Aid" extension, you will benefit from very wide coverage of legal defence costs.