Since its introduction around two years ago, the EU’s GDPR law has brought in more than €114m in fines.
DLA Piper, a multinational law firm, reports that there have been 160,000 breach notifications since then.
As for the biggest fine thus far, it was issued by the CNIL, a French data protection regulator.
It happened last year to none other than Google.
Rather than having to do with a data breach, however, a lack of valid consent and transparency issues were to blame.
The size of the fine is based on either 4% of the company’s annual revenue or a fixed fee of €20m, whichever is higher.
For companies such as Facebook and Google that handle a truckload of user data, this is a huge deal.
Currently, there are multiple ongoing GDPR investigations in the Republic of Ireland, and companies such as Apple and Facebook keep finding themselves under scrutiny.
Regarding the highest penalties in Britain, Marriott International and British Airways were two substantial cases last year, collectively amounting to £282m in penalties – these, however, have yet to be finalised.
Another example of a huge penalty is Facebook’s Cambridge Analytica scandal, which concerned privacy violations – the fine was £500m.
Either way, DLA Piper reports that progress in this area has been slow.
From the first eight months of GDPR until now, the rate of GDPR breach notifications has increased by almost 13%.
According to the firm, not every EU member state makes the GDPR breach statistics publicly available.
When all is said and done, GDPR can be a frustration for businesses in the EU and data protection authorities alike.
It could be argued that GDPR is a vague law.
Due to that, it’s going to take some time before the regulators get the legal certainty necessary to start dishing out higher fines.