Some examples of GDPR fines

Since the GDPR came into effect, there have been several high-profile cases where organizations have been fined for non-compliance. Here are a few examples.


The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect in May 2018. It applies to any organization that processes the personal data of European Union (EU) citizens, regardless of the location of the organization.

One of the key provisions of the GDPR is the ability for regulators to impose significant fines on organizations that violate the law. These fines can be up to 4% of an organization's global annual revenue or €20 million (whichever is greater), depending on the severity of the violation.

Since the GDPR came into effect, there have been several high-profile cases where organizations have been fined for non-compliance. Here are a few examples:

  1. British Airways: In 2019, British Airways was fined a record-breaking £183 million ($230 million) by the UK's Information Commissioner's Office (ICO) for a data breach that exposed the personal data of over 500,000 customers. The ICO found that the company had failed to take sufficient measures to protect the data, and therefore violated the GDPR.
  2. Marriott: In 2020, Marriott International was fined £18.4 million ($23.8 million) by the ICO for a data breach that exposed the personal data of 339 million guests. The ICO found that the company had failed to adequately secure its systems and had not implemented appropriate safeguards to protect the data.
  3. Google: In 2019, Google was fined €50 million ($57 million) by the French data protection authority (CNIL) for failing to provide clear and comprehensive information to users about its data collection practices and for not obtaining valid consent from users for the processing of their personal data.

These examples demonstrate the potential impact of GDPR fines on organizations that do not comply with the law. It is essential for businesses and organizations to take the necessary steps to protect the personal data of EU citizens and ensure compliance with the GDPR. This includes conducting data protection impact assessments, implementing appropriate safeguards, and providing clear and transparent information to users about data collection and processing practices.

In summary, GDPR fines are a powerful tool that regulators can use to enforce compliance with the law and protect the personal data of EU citizens. It is crucial for organizations to take the necessary steps to comply with the GDPR in order to avoid potentially significant financial penalties.