GDPR – The Privacy Authorities have imposed sanctions of €114 Million

GDPR European Community

Since the entry into force of the GDPR on 25 May 2018, there have been more than 160,000 notifications of data breaches in the 28 EU Member States, plus Norway, Iceland and Liechtenstein.

According to the latest survey carried out by DLA Piper, the Data Protection Supervisors issued fines totaling €114 million for various types of breaches of the Regulation and not just for data breaches.

GDPR sanctions

There are 1,886 cases of data breaches notified to the Italian Guarantor, a value that ranks Italy eleventh in the European Union by a number of notifications, while the sanctions issued – amounting to € 11.55 million – rank Italy in fourth place. France, Germany and Austria are at the top of the ranking for the total value of sanctions imposed under GDPR with just over € 51 million, € 24.5 million and € 18 million respectively. The Netherlands (40,647 cases), Germany (37,636) and the United Kingdom (22,181) are at the top of the table for the number of data breach notifications.

GDPR European Community

The daily rate of data breach notifications also increased by 12.6%: from 247 notifications per day for the first eight months of GDPR (from 25 May 2018 to 27 January 2019) to 278 data breach notifications per day for the current year.

Assessing the results in comparison to the population of the countries, Italy reported 2.05 data breaches per 100,000 people, compared to 0.9 per 100,000 last year: a figure that ranks the country in 25th place compared to the previous year’s penultimate position.

General Data Protection Regulation GDPR

The highest sanction to date, amounting to 50 million euros, has been imposed by the French Data Protection Supervisor – the CNIL – against Google, for alleged violations of the principle of transparency and lack of valid consent. Following two significant data breaches, the UK ICO published two notices of intent to impose sanctions in July 2019 totaling some €329 million. However, none of these had been finalized by the date of this report.

GDPR EU

NB. Not all Member States of the European Economic Area publish statistics on infringement notifications. Many provided statistics only for part of the period covered by this report. The figures have been rounded and in some case, extrapolated to provide the best approximations.

Download the complete report @ Global Legal Chronicle Italia