IDCA NewsAll IDCA News
3 Jun 2022
More than 1.5 billion euros in GDPR fines imposed in Europe in 2021
Since the General Data Protection Regulation (GDPR) took effect in 2018, the amount of fines imposed for non-compliance with the GDPR has grown to 1.581 billion euros in 2021, according to CMS' third annual Enforcement Tracker Report. The striking increase is largely due to a record fine in Luxembourg of no less than 746 million euros and a fine of 225 million euros in Ireland.
The report by law firm CMS contains an analysis of all publicly available information regarding GDPR fines across Europe. Between March 2021 and March 2022, more than 500 new fines were imposed.
Eight of the ten highest fines to date have resulted from the processing of personal data without a valid legal basis (such as consent or a legitimate interest). Second was non-compliance with other core principles, such as transparency, followed by inadequate information security.
Spain imposed more than a third of the total number of fines imposed at the European level, followed by Italy, Romania, and Hungary. Despite the GDPR goal of harmonized frameworks, enforcement of GDPR is still largely governed by national laws and local practices. New guidelines for calculating fines, recently published by the European Data Protection Board (EDPB) for consultation, aim to harmonize the fines policy of European privacy regulators. Especially for large organizations with a high turnover rate, the new fine policy is expected to lead to higher fines.
CMS has developed an Enforcement Tracker fine database that is publicly accessible.
Photo credit: ev
Follow us on social media: