GDPR fines skyrocket as EU gets tough on data breaches

Law firm DLA Piper says fines have increased by 39 percent.

Europe’s new privacy protection regime has led to a surge in fines for bad actors, according to research published today. Law firm DLA Piper says that, since January 28th, 2020, the EU has issued around €158.5 million (around $192 million) in financial penalties. That’s a 39-percent increase on the previous 20-month period Piper examined in its report, published this time last year. And as well as the increased fines, the number of breach notifications has shot up by 19 percent across the same 12-month period.

Italy, Germany and France are the three countries most willing to sanction companies, and have collectively charged companies €192.8 million ($234 million) since GDPR came into force. The biggest single fine, however, remains the $57 million that France levied against Google for violating data transparency rules. Other blockbuster fines have been reduced, including the UK’s $123 million penalty for the Marriott data breach, which was trimmed down to just $25 million.

The readiness of these countries to enforce data protection rules comes in stark contrast to the US, where there is a clamor for a GDPR-style regulatory regime. Apple CEO Tim Cook has lent his backing to the idea, as had some members of the outgoing administration. Senator Kirsten Gillibrand called on the US to launch a new data-protection body with similar enforcement powers, while the Government Accountability Office says that new rules are needed, but suggests that the FTC is best placed to act as regulator.