Not so fine GDPR fines

Fines. Charges. Penalties. Many will consider these (and similar) words to be negative, mood-killing, or even terrifying. The number and the size of the fines that are imposed regarding the GDPR, the General Data Protection Regulation, are just that. Don’t worry, this article is not your next horror story. We are just filling you in on the phenomenon and what (not) to do. You will be fine.

We (don’t) want more

The number of imposed fines has increased since the introduction of the General Data Protection Regulation in the EU 2,5 years ago. The number of fines had already grown by 39% in 2020.  As a result, research shows that, in that year, fines were imposed worth a total amount of 158 million euros. Those 158 million euros are nothing compared to the biggest fine regarding the GDPR so far. That means a monstrous 746 million euros for tech giant Amazon in 2021. Whoops.

The reason behind these fines increasement is that the enforcement of the GDPR has been increasing. Sounds plausible, right? European supervisory authorities – they are not as scary as they sound – are more active in imposing sanctions in cases of breaches. Besides, the supervisors are interpreting the GDPR in stricter ways.

Differences between the Member States

There are major differences in the number of reports of data breaches between different countries. The explanation is the different cultures of the Member States, which leads to a different interpretations of the legislation and breaches.

Fine time

The less severe infringements in Europe could result to a fine of up to 10 million euros, or 2% of the firm’s worldwide annual revenue from the preceding financial year. The more serious infringements go against the very principles of the right to privacy and the right to be forgotten that are at the heart of the GDPR.  Additionally, these types of infringements could result in a fine of up to 20 million euros, or 4% of the firm’s worldwide annual revenue from the preceding financial year.

Supervisors’ GDPR points of attention may vary. From the lack of a solid juridical basis for processing personal data to not implementing enough security around the data and breaching the requirements for limiting personal data and its storage. In the future, there will be (even) more attention to transparency around privacy-sensitive personal data.

Compleye’s cheat sheet

As a result, we advise you to always make sure that you are GDPR compliant. No idea where to start? But we do. Our cheat sheet is a great beginning to help you assess and secure your organisation to avoid costly fines. In the end, there are better things to spend your money on. Get it here.

Table of Contents