Skip to content

GDPR Fines Reach €50 Million After One Year

When the EU’s General Data Protection Regulation (GDPR) was implemented in 2018, businesses and organisations rushed to ensure that they remained above board and compliant, filling inboxes with requests to stay signed up to date their communications.

But maximum penalties of up to €20 million or 4% of annual turnover – whichever is higher – were enough to motivate all organisations into taking action. One year on, the International Association of Privacy Professionals (IAPP) has revealed that the total fines levied by GDPR equal €56 million.

More than 94,000 individual complaints have been made to data protection regulators, while more than 64,000 data breach notifications have been made.

IAPP Vice-President and Chief Knowledge Officer, Omar Tene, said: “In the first year, we’ve seen tens of thousands of complaints and data breaches. But we’ve yet to see much evidence that the GDPR has led to an improvement in organisations’ data practices.”

Investigations into data protection disputes can be time-consuming processes, and the system of appeals and approvals means that even one year after GDPR, many complaints are yet to be resolved. This means that the potential total fine sum could continue to rise dramatically as high-profile data protection cases finally reach their conclusion.