Data protection regulators have issues €114 million in fines so far under the 2018 General Data Protection Regulation. 

The latest findings from DLA Piper found that over 160,000 data breach notifications have been reported across the European Union since the regulation came into effect on May 25, 2018. 

Geographically speaking, fines were the highest in France (€51m), Germany (€24.5m) and Austria (€18m). Countries with the largest number of data breaches notified to regulators include the Netherlands (40,647), Germany (37,636) and the UK (22,181). 

The largest GDPR to date stands at €50m, which was imposed by the French data protection regulator on Google. In this instance, the tech giant was fined for alleged infringements of the transparency principle and lack of valid consent. 

In July 2019, the UK's Information Commissioner's Office (ICO) published intentions to fine British Airways £183.39m and Marriot Hotels £99m as a result of data breaches that hit the organizations back in 2018. Neither fine has been issued at this time. 

The report also found that the breach notification rate has increased by over 12% since last year's report and regulators have been busy enforcing their new powers to hold organizations accountable or risk heavy fines. 

The €114m in fines issued since GDPRs official enactment is relatively low compared to the potential maximum fines that can be issued under the new regulation, leading many to believe that we're in the early stages of enforcement.

Under GDPR, potential fines of up to €20 million, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year can be issued. To avoid these costly fines and public backlash, organizations should get their security defenses in check and expect to see more multi-million Euro fines being issued over the span of 2020 as regulators ramp up their enforcement activity. 

NNT also recommends regularly patching systems to minimize risk and eliminate security vulnerabilities, ensure that the proper access controls are in place (learn more about CIS Control 14: Controlled Access Based on the Need to Know), and only collect and store information that's absolutely critical to business operations. 

>> Learn about the Myths and Maths of GDPR 

>> Learn more about the General Data Protection Regulation (GDPR) 


The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.