Fines for the General Data Protection Regulation (GDPR) might be as numerous or large as initially anticipated, but there have been some hefty penalties. The ten largest financial fines for GDPR failures total €402.6m.
The regulation has been in force for 18 months and according to Precise Security, there have been over 90,000 data breaches reported.
If a firm is fined for breaking compliance, an authority can fine them up to 4% of their annual turnover or €20m.
Despite the ten largest fines totalling €402.6m, almost 90% of this is made up by the top three, which amount to €365m.
British Airways has responsible for the biggest penalty. The UK’s Information Commissioner’s Office (ICO) gave the airline the penalty in July 2019 after finding the company had used card skimming to collect personal and payment information from customers.
The second largest GDPR punishment was also handed to American hospitality firm Marriott International in November 2018. The company received a combined €110m in fines from the UK’s ICO and Turkey’s data protection regulator for exposing guest records of 339 million guests.
Finally, Google’s €50m fine it received earlier in 2019 is the third biggest to date. The search engine giant was penalised by the French data protection regulator Commission nationale de l’informatique et des libertés (CNIL) for not supplying enough information to users about its data consent policies.
Copyright © 2019 FinTech Global
Copyright © 2018 RegTech Analyst