Data Privacy: 1,548,131,508 euros later
João Simões de Abreu, January 28, 2022
In the first semester of 2021, we published an article about the three years of the General Data Protection Regulation (GDPR). By June 2021, as the article details, there were a total of nearly 700 fines, which amounted to 290 million euros.
At the time, the 50 million euro fine against Google by France’s data protection authorities was the most significant one, followed by the €35M issued to H&M in Germany and the €27.8M to Italy’s telecom operator TIM.
However, a few weeks later, the numbers escalated quickly. By the end of 2021, authorities had issued 200 more fines, and the figures grew tremendously. By December, GDPR’s Enforcement Tracker counted more than 1.5 billion euros and 925 penalties.
Most notoriously, in July 2021, Luxembourg authorities were responsible for issuing a record-breaking 746 million-euro fine against Amazon Europe for not complying with the processing principles of GDPR.
In the first three years of GDPR, only one big tech company was fined for noncompliance. However, in the last six months, that changed quickly:
- WhatsApp got a €225M fine in Ireland (September 2021);
- Google got two different fines from France’s authorities – one was issued to Google LLC and the other to Google Ireland – that sum to a total of €150M (both in December 2021);
- And Facebook got a €60M fine delivered by the forceful French data protection officers (December 2021).
Oddly enough, the biggest fines of the year were delivered to big tech companies headquartered in the USA – a friendly reminder to the leaders of the other side of the Atlantic that if they intend to keep running their operations on European grounds, they must comply with data protection regulation.
In the nearly four years since GDPR came into force, fines have kept rising year over year.
So far this year, authorities have already issued 15 fines that amount to about 8.2 million euros.
When it comes to trends for this year, in addition to stricter control by data protection authorities over organizations, Beatriz Bagoin Guimarães, Quidgest’s Information and Business Process Management System Manager, says “following the pioneer work developed by Portuguese authorities, we will likely see the widespread introduction – by the European Union and countries with identical standards to the GDPR – of digital maturity certifications, such as those for cybersecurity and privacy and personal data protection, which will guarantee stakeholders (customers, employees, and users) the best practices regarding information handling and security”.
More than ever, organizations must find tools that help them guarantee compliant activity.
To help organizations avoid concerns, penalties, and reputational damage, Quidgest has developed a unique and integrated Data Protection Management solution that includes Data Protection Management; Data Subjects Management; Data Subjects Portal; Suppliers Portal; and Activity Management.