freshman - hands typing laptop keyboard, viewed from the side

It seems like only yesterday that the introduction of GDPR was looming ever closer and businesses across the EU and the UK scrambled to prepare for the new rules.

Whilst there was much panic about the impact it may have on businesses, it appears to have been implemented without much trouble.

Having just passed the third anniversary of its introduction, we thought we’d dive into some of the key figures to determine whether or not it has actually been a success.

If we’re determining the success of GDPR by the financial cost of fines issued, then it’s definitely been worthwhile.

Since the framework became enforceable nearly 700 fines have been issued, totalling fines of approximately £251 million.

Every single EU member state, as well as the UK, have issued at least one fine. The UK and France have issued some of the largest fines for data breaches.

French data protection agency, Commission Nationale de l’Informatique et des Libertés (CNIL) issued a €50 million fine to Google and a further €35 million fine to Amazon.

Both of these were issued because the tech giants were automatically deploying tracking cookies when users were visiting various company domains.

UK authority, the Information Commissioner’s Office (ICO), also handed two fines totalling over £20 million each to British Airways and Marriot International.

Both fines were issued due to data breaches that exposed hundreds of thousands of their customer’s data.

A recent report has broken down the top ten list for highest total of fine issued by state:
• Italy: €76,217,601
• France: €54,661,300
• Germany: €49,186,833
• United Kingdom: €44,221,000
• Spain: €29,372,510
• Sweden: €12,332,430
• Netherlands: € 5,012,500
• Bulgaria: €3,210,69
• Poland: €1,816,498
• Norway: €1,277,550

Tackling the Tech Giants
Being able to levy these fines is obviously useful in terms of raising money for public services but it isn’t the only benefit.

The GDPR framework enables governments to tackle tech giants like Amazon and Google when they are mismanaging people’s personal information.

Historically, punitive financial measures have meant very little due to the companies this large.

However, GDPR is unique in that the fines are not limited to specific amounts of money.

Section 83 Article 4 stipulates that:

“GDPR sets forth fines of up to 10 million euros, or, in the case of an undertaking, up to 2% of its entire global turnover of the preceding fiscal year, whichever is higher.”

This is important as it is one of the few laws that takes the vast wealth of modern tech corporations into consideration.

When some companies are making more money than nations the laws used to protect the public must be fit for purpose.

When a company like Google is turning over nearly £200 billion each year, fines like £10 million mean practically nothing.

Being able to enforce 2% of their global turnover on the other hand would cause significant harm to their business.

Not just for businesses
It isn’t just large organisations that have fallen foul of the GDPR, a number of private individuals have received substantial fines as well.

Most of these severe fines seem to have been issued in relation to illegal surveillance offences, ranging from erroneous CCTV usage all the way through to things of a more sinister nature.

Lesser fines have been issued for things like copying email addresses so that they are visible to every recipient, the sort of mistake that is very easy to make.

While in some cases enforcement action may appear disproportionate, it serves as a reminder of how important it is to protect data.

Every one of us processes data daily in both our personal and professional lives.

Whether you’re responsible for managing background checks in your organisation or you’re organising a fantasy football league, you have a responsibility to ensure you are protecting data.

If at the very least GDPR can serve as a reminder of this then it would seem it has indeed been a resounding success.

Leave a Reply

Your email address will not be published.

By using this form you agree with the storage and handling of your data by this website, to learn more please read our privacy policy.


Captcha * Time limit is exhausted. Please reload CAPTCHA.