The $425 million GDPR fine has been proposed by Luxembourg’s data protection commission, which has submitted a draft decision to the data protection authorities of the other EU member states.
The large amount of the Booking.com fine is a point of contention as it stretches to the limit of what the GDPR allows for a data breach notification incident that involved relatively little sensitive personal information.
Twitter will pay a GDPR fine of €450,000 (about $546,000) in the first EU cross-border enforcement action brought against a tech giant.
A German court has slashed a GDPR fine assessed to one of the country's largest telecommunications service providers by over 90%, calling it "unreasonably high."
The 2018 Marriott data breach was one of the biggest of its type in history, and was initially looking at receiving one of the biggest fines of £99 million. However, the UK ICO has reduced the penalty to £18.4 million.
One of the largest GDPR fines to date, the UK ICO's decision found that the travel giant was negligent due to ‘poor security arrangements’ creating a hole that was exploited for two months.
H&M earned the GDPR fine by creating highly inappropriate profiles of employees gleaned from one-on-one conversations which was revealed in a 2019 data leak.
Both breach notifications and GDPR fines have increased in the past year, however, survey has shown a striking disparity in the number of data breaches reported among EU member nations.
With a major GDPR fine of $123 million on Marriott following an even bigger $230 million fine on British Airways, businesses worldwide are now on notice to have adequate security safeguards in place to protect user data.
At a proposed value of £183 million, British Airways is facing the highest record of GDPR fines, Britain's DPA is making it clear that companies should protect customers’ data or be ready to pay.