GDPR fines increased by 40% last year, but they will get bigger


Despite a slow start for the European Union’s General Data Protection Regulation (GDPR) two and a half years ago, the fines are starting to grow as the laws begin to gather serious momentum. There are larger fines on the way for non-compliance, according to historical data.

In a new report released to coincide with the Council of Europe’s data protection day, the law firm DLA Piper’s data protection team says that the past year had a total of $193.4 million (£142.7 million) in GDPR fines.

The numbers indicate a 40% increase compared to the previous twenty months since the laws came into force.

GDPR is young

The total fines reported for GDPR since its inception reached $332 million (£245 million). The number of breach notifications is also up, with an average of 331 data breaches reported every day over the past year. Compare that to the 278 notifications a day from the previous year.

The trend clearly shows that the laws are being taken seriously and that more businesses are complying.

Over 281,000 breach notifications have been reported under the GDPR since May 2018. GDPR-related activity continues to grow, and even though the laws are still young, they will be polished over time.

Discrepancies here and there

The text of the regulation contains ambiguities and inconsistencies that make it hard to enforce. Regulators applying it are being very careful with it.

Even though the rules are uniform in principle and meant to be applied across all the EU’s member countries, the reality is different. The nations are not the same and have resorted to different approaches in implementing the laws.

The discrepancies show up in the data: Germany has seen 77,747 breach notifications, compared to Italy’s 3,460 in the same period.
