European Union privacy regulators are gearing up to make full use of expanded powers under new data protection rules, according to a report that found 114 million euros ($126.5 million) in fines have been levied so far for data violations, with even higher penalties expected.
Regulators in France, Germany and Austria levied the biggest fines so far, while the Netherlands, Germany and the U.K. topped the list for the number of data breaches notified to their authorities, the survey by law firm DLA Piper found. France’s data protection commission, the CNIL, last January slapped Google with a 50 million-euro fine over transparency, information and consent failures.
The French fine was the biggest issued so far since the EU’s General Data Protection Regulation, GDPR, took effect in May 2018. Regulators for the first time got the powers to fine companies as much as 4% of global annual sales for serious violations. The U.K. watchdog, the Information Commissioner’s Office already announced its intention to fine British Airways 183.4 million pounds ($239 million) over computer attacks that exposed customer data, and Marriott International Inc. 99 million pounds over a cyber-attack.
“The total amount of fines of 114 million euros imposed to date is relatively low compared to the potential maximum fines that can be imposed under GDPR, indicating that we are still in the early days of enforcement,” Ross McKean, a partner at DLA Piper specializing in cyber and data protection, said in a statement. “We expect to see momentum build with more multi-million euro fines being imposed over the coming year as regulators ramp up their enforcement activity.”
Was this article valuable?
Here are more articles you may enjoy.