Over the last year alone, European data regulators issued €1.1 billion (£920 million) in GDPR fines. That is almost a 575 per cent increase from the year before. Among GDPR fines, the UK ranks sixth. British Airways alone was fined £20 million under the GDPR.
Reports under the General Data Protection Regulation (GDPR) also increased last year. A statement shared by international law firm DLA Piper said GDPR breach notifications increased by 8 per cent from the year before. In 2021, 356 GDPR breach notices were received per day.
The EU’s GDPR began its journey in May 2018 as a piece of legislation aimed at giving people power over their data. The social media era and the boom in online technology made it harder for ordinary people to know their rights regarding data collection. GDPR aims to restrict companies from taking in a free flow of data from customers. It also sets rules on how organizations can use that data.
In the modern era, GDPR is a phenomenal name as more businesses, organizations and social media companies are processing data in mass quantities. Another great feature of GDPR is that it follows up on where user data ends up. For EU citizens, it is a great add-on.
GDPR came into play directly from the Data Protection Act 2018. The Data Protection Act 2018 comes directly from a similar ruling in 1998. Under the revised rule, an organization can now be fined a maximum of £500,000 for violating the laws or 4 per cent of global turnover, which is much higher.
Since January 2021, over 130,000 personal data breaches have been notified. Among these, the Netherlands suffered the most breach notifications per 100,000 people. International law firm DLA Piper surveyed 27 EU member states, including the UK, Norway, Iceland and Liechtenstein. The survey reflected an increase of over 8 per cent in GDPR breach notifications from 2020. In 2020, reports averaged 331 per day.
France’s privacy watchdog is the latest to find that Google Analytics breaches GDPR. According to the finding, Google Analytics breaches the EU privacy laws in France. Austria, too, had a similar conclusion. CNIL, France’s data watchdog, talked about an unnamed local website’s use of Google Analytics. It doesn’t comply with Article 44 of the General Data Protection Regulation (GDPR). CNIL is investigating 101 complaints filed by a European privacy advocacy group.
GDPR recorded breaches at the other end of the spectrum too. The Czech Republic, Croatia and Greece also faced vulnerability notifications, but not as severe. Over €746 million was fined against Luxembourg, and it was by far the highest GDPR fine in 2021. It is followed by a €225 million fine against WhatsApp. Our last notable mention is €50 million in penalties against Google by France.
After losing the financial and personal details of about 380,000 customers, the UK came in sixth place and was fined £20 million by the GDPR. A cyberattack in September was responsible for the data breach. The UK reported 40,026 data breach notifications, among which 8,355 were reported in 2020. Another batch of 9,490 was reported in 2021, a 13 per cent increase in just under a year.
The UK Data Protection and Security Group chair Ross McKean talked about the increase in fines that “has established itself as the top data protection compliance challenge for many organizations caught by GDPR.” Under GDPR, controllers must make sure personal data is processed lawfully and transparently. Users must know why and where their information is being used, while abiding by the GDPR rules.
“Lawfully” can cover a wide range here, but the first rule is that a user should consent to their data being used; alternatively, they may comply with legal actions. Regulations set by the company must abide by GDPR for a transparent data flow.