Many GDPR fines were issued because companies failed in two ways

Get a free Techzine subscription!

A new report by Exonar shows that most of the GDPR penalties issued fall into two categories. Businesses across Europe have so far paid over 620 million euro in fines under the GDPR rules. 

65% of these fines come from security and data storage infractions. 39% of those fined were found to be in breach of provisions that demand top-tier security.

Companies that got caught and were fined include DSK Bank, British Airways, and Active Assurances. More than 25% of all the fines resulted from failing to secure or over-retaining data.

A variety of offences

Deutsche Wohnen, Marriott, 1$1 Telecom were some of the well-known companies fined for the over-retaining and under-securing data.

Other fines came down due to illegal use of personally identifiable information and failing to comply with DSAR (Data Subject Access Requests), which accounted for about 19% of the fines.

The remaining 16% was spread over various issues that include Unicredit’s incorrect data sharing methods, Uber failing to report a breach on time, and H&M’s illegal use of employee data. 

If only they secured their data…

Almost 6% of the GDPR fines were about security failings and storing data without securing it, according to the Exonar CEO, Danny Reeves. Securing data is a vital thing most companies need to meet GDPR standards and thwart hackers.

It will be harder for hackers to access data when it is adequately secured.

As the seriousness of GDPR standards is becoming apparent, it would appear that companies will have to fall in line and make sure that they conform to the law. The winner here is going to be the millions of people who entrust their data to these companies.