A recently issued report by DLA Piper shows that since the General Data Protection Regulations (“GDPR”) came into effect in May 2018, EU regulators have imposed €114 million in penalties for companies violating the GDPR.
The largest fine was €50 million imposed on Google by the French data protection authority (the “CNIL”), due to violations of the GDPR’s duties of transparency and obtaining consent for processing personal data.
The report indicates a 12% increase in data breach notifications reported to data protection authorities in the EU, amounting to 160,000 data breach notification reports since the GDPR came into force.
Notably, the Information Commissioner’s Office in the UK (the “ICO”) announced in July 2019 that it intends to impose an unprecedented fine of €175 million on British Airways. If the penalty is imposed, it will be the largest one under the GDPR to date.