GDPR fines total £100m: which countries have dished out the most so far?

An average of 247 breaches are reported per day

Data protection agencies have issued around €114m (£97m) in fines under GDPR since the regulation came into force in May 2018, according to law firm DLA Piper.

DLA Piper's report into GDPR states that there were a total of 160,921 personal data breaches reported by organisations across the European Economic Area up until 17 January this year.

An average of 247 data breaches were reported every day in 2019, it added.

The total value of fines issued is highest in France, at €51.1m. However, if you discount the €50m dished out to Google by French authorities, Germany sits at the top of the pile, with fines totalling €24.6m.

The UK ranked outside the top 10, with fines totalling €320,000, but this does not include two notices of intent to fine, for British Airways and Marriott, which total €329m.

The fines counted are for all forms of GDPR infringements, not just data breaches.

The UK ranks highly for the number of data breaches (22,181) at number three, behind only the Netherlands and Germany at 40,647 and 37,636 respectively.

Ross McKean, cybersecurity expert at DLA Piper, said he expects authorities to issue a greater number of fines, at higher amounts, over the coming years.

"GDPR has driven the issue of data breach well and truly into the open," he said.

"The total amount of fines imposed to date is relatively low compared with the potential maximum fines that can be imposed under GDPR, indicating that we are still in the early days of enforcement.

"We expect to see momentum build with more multimillion-euro fines being imposed over the coming year as regulators ramp up their enforcement activity."

Highlights

/news/4046202/staff-salaries-2022

/news/4046158/midwich-ceo-nimans-acquisition-2021-results-returning-pre-pandemic-levels

/news/4046159/vendors-suspend-sales-russia-following-ukraine-invasion