More Than 200 GDPR Fines Issued Totaling EUR144 Million, New Study by Privacy Affairs Finds

LONDON, Feb. 18, 2020 /PRNewswire/ -- Over 200 fines have been handed to organisations in Europe under strict data protection laws implemented in 2018, according to research from Privacy Affairs. Using data from official sources, the researchers created an online dashboard to track GDPR fines.

A key finding is that different national data protection authorities interpret the rules differently. The largest fine in Romania, EUR80,000, was a similar offense that has seen other companies issued with several million Euro fines.

Breakdown of GDPR fines by amount:

    --  France: EUR51,100,000
    --  Italy: EUR39,360,000
    --  Germany: EUR25,085,725
    --  Austria: EUR18,070,100
    --  Bulgaria:  EUR3,198,460
    --  Spain: EUR1,882,670
    --  Netherlands: EUR1,410,000
    --  Poland: EUR934,330
    --  Greece: EUR735,000
    --  UK: EUR320,000

Breakdown of GDPR fines by number:

    --  Spain: 55
    --  Romania: 22
    --  Germany: 21
    --  Bulgaria: 16
    --  Hungary: 14
    --  Czech Republic: 11
    --  Austria: 8
    --  Cyprus: 8
    --  Belgium: 6
    --  Greece: 6

The Spanish Data Protection Authority has issued 55 fines to date, from EUR3,600 issued to Amador Recreativos for improper use of surveillance footage, to a EUR75,000 fine issued to Vodafone España for a technical error resulting in invoices being sent to a former customer.

The Romanian Data Protection Authority has issued 22 fines, ranging from EUR3,000 issued to Legal Company & Tax Hub SRL for Failure to implement sufficient measures to ensure information security to EUR80,000 issued to ING Bank N.V. for not implementing adequate technical measures to ensure the protection of personal data.

The UK Information Commissioner has dealt with three cases and fines from which one was finalised, and was of EUR320,000. The two potential fines, British Airways of EUR204,600,000 and Marriott International of EUR110,390,200 are not yet final.

The largest GDPR fine to date was issued by French authorities to Google in January 2019. The EUR50 Million was issued on the basis of "lack of transparency, inadequate information and lack of valid consent regarding ads personalization."

8 private individuals have also been fined a total of EUR46,921 including:

    --  EUR11,000 issued to a soccer coach in Austria who was found to be
        secretly filming female players in the shower.
    --  EUR300 issued to a car owner in Austria for unlawful use of a dash-cam.
    --  EUR2,200 issued to a person in Austria for having unlawfully filmed
        public areas using a CCTV system. The system filmed parking lots,
        sidewalks and a garden of a nearby property.
    --  EUR800 issued to a person in Spain who created a fake profile of a
        female colleague on an erotic website. The profile contained the
        person's contact details and information of sexual nature.
    --  EUR2,500 issued to a person in Germany who sent emails to several
        recipients, where each could see the other recipients' email addresses.

For questions regarding the research or more information about the team behind the report, contact Joe Robinson at joe@privacyaffairs.com or visit Privacy Affairs.

Full research here: https://www.privacyaffairs.com/gdpr-fines/

Privacy Affairs is a data privacy and cybersecurity research, information, and advice website.

Related Images

gdpr-fines-tracker.jpg
GDPR Fines Tracker
GDPR Fines List

Related Links

GDPR Fines Tracker

Cyberwarfare statistics: A decade of geopolitical attacks

View original content to download multimedia:http://www.prnewswire.com/news-releases/more-than-200-gdpr-fines-issued-totaling-144-million-new-study-by-privacy-affairs-finds-301006757.html

SOURCE Privacy Affairs