Privacy fines: GDPR sanctions in 2021 exceeded $1 billion


Privacy regulators in Europe last year imposed known fines totaling more than 1 billion euros ($1.2 billion) under the EU’s General Data Protection Regulation, bolstered in part by two record-breaking sanctions, according to the law firm DLA Piper. But the approach to sanctions varies widely across the 31 countries complying with the privacy law. By Mathew J. Schwartz.

The amount of fines levied in the 12 months since Jan. 28, 2021, marked a sharp increase from the 159 million euros ($181 million) in fines seen for the preceding 12 months, according to DLA Piper’s latest GDPR and data breach report. Not all of those GDPR violations involved data breaches.

Since GDPR came into full effect on May 25, 2018, organizations that handle Europeans’ personal data must comply with tough breach notification rules, which can include a requirement to notify authorities they have suffered a breach within 72 hours of its discovery. Failure to comply exposes organizations to fines of up to 4% of their annual global revenue or 20 million euros ($22.8 million) - whichever is greater. Organizations’ ability to process people’s personal data can also be revoked (see: Privacy Rights: GDPR Enforcement Celebrates Third Birthday).

As in 2020, Germany and the Netherlands logged the most breach notifications in 2021, according to the report. Last year, they were followed by Poland, the U.K. and Denmark. Per capita, the number of 2021 breach notifications per 100,000 residents was greatest in the Netherlands (151), followed by Liechtenstein (136) and Denmark (131), according to the report. “Croatia, the Czech Republic and Greece reported the fewest number of breach notifications per capita since Jan. 28, 2021,” it says. Interesting read!
