Since the European Union’s GDPR regulations became law on May 25th, 2018, organizations have had to adapt to a new way of thinking about data. The specific and concrete rules leave very little room for interpretation when it comes to the acquisition and storage of data, as well as what to do in the event of a data breach.
All data processing must be compliant with GDPR regulations, and organizations risk receiving large fines for failure to do so.
GDPR fines are being issued with increasing frequency as organizations fail to collect proper authorization to acquire private data, or inadequately protect the data they hold. As of March 2020, over 230 fines have been issued, totaling over €150m.
Digital privacy advocacy site PrivacyAffairs.com has created a public GDPR fines tracking tool that includes details of every single GDPR fine and is updated regularly.
The tool lists details for both completed fines and ongoing cases, but disregards incomplete cases in the main statistics area so as to retain accuracy of reporting when used as a research aid.
When reviewing the data, it is clear that despite the regulations themselves leaving little room for interpretation, the national bodies responsible for issuing fines consider the severity and monetary value of the fines very differently.
Romania, for example, has issued an €80,000 fine to a bank for an offence similar to ones that have resulted in multi-million-euro fines in other countries.