Security News > 2020 > January > GDPR: $126 Million in Fines and Counting
From when GDPR went into full effect on May 25, 2018, until Friday, EU data protection authorities also imposed €114 million in fines under the privacy regulation for a wide variety of infringements, not all involving data breaches.
The report doesn't count the U.K. Information Commissioner's Office stating that it intends to fine Marriott International $130 million and to fine British Airways $239.5 million for data breaches that occurred after GDPR went into full effect, since those penalties have yet to be finalized.
Clearly GDPR has been reshaping the data breach and privacy discussion in Europe, says Ross McKean, a partner at DLA Piper who specializes in cyber and data protection, although regulators have yet to use their full fining power.
Any organization worldwide that violates the privacy regulation faces fines of up to 4 percent of their annual global revenue or €20 million - whichever is greater - as well as other potential sanctions, such as losing their ability to process personal data.
"Bulgaria, Croatia, Portugal, Slovakia did not provide any data on breach notifications," DLA Piper says, and Croatia provided no information on any GDPR fines it has levied.
News URL
https://www.inforisktoday.com/gdpr-126-million-in-fines-counting-a-13630