One year on, total GDPR fines top €50 million

Charlie Spargo's picture
by Charlie Spargo

As the implementation of the EU's General Data Protection Regulation (GDPR) approached in 2018, companies rushed to ensure all they did remained above board, filling inboxes with requests to stay signed up to their communications.

The potential maximum punishments - of anything up to €20 million or 4% of annual turnover, whichever is higher - were enough to motivate organisations into taking action. One year on, the International Association of Privacy Professionals (IAPP) has revealed that total fines levied equal €56 million.

More than 94,000 individual complaints have been made to data protection regulators, while more than 64,000 data breach notifications have been made.

Omar Tene, IAPP Vice-President and Chief Knowledge Officer, said: "In the first year, we've seen tens of thousands of complaints and data breaches. But we've yet to see much evidence that the GDPR has led to an improvement in organisations' data practices."

Data protection investigations can be time-consuming processes, and the system of appeals and approvals means that even one year after GDPR, many complaints are yet to be resolved. It means that the potential total fine sum could continue to rise dramatically as high-profile data protection cases finally reach their conclusion.