GDPR: 3 years, €300M, and the ongoing hurdles

It’s been a little over three years since the General Data Protection Regulation (GDPR) came into force. Still, fines continue to rise, and leaders of organizations across all sectors remain tense about not complying with the regulation.

Since May 2018, the GDPR has become one of Europe’s most famous exports. Not only because it forces non-European companies working in the Old Continent’s market to respect the privacy of EU citizens, but also because it established a quality pattern for data privacy legislation and inspired other territories outside Europe to do the same. That is the case with Brazil, which created the Lei Geral de Proteção de Dados (General Data Protection Law, in direct translation), and California, with its California Consumer Privacy Act.

300 million euros and 700 fines

The European privacy framework completely transformed the way organizations around the world handle personal data.

One would expect that three years after the implementation, the fines would decrease over time. However, data from the Enforcement Tracker reveals the opposite.

By June 2021, the total number of fines was over 689, translating into 290 million euros. So far, as seen in the graphic below, December 2020 was the month with the most penalties.

Among the most significant fines were:

  • The 50 million euros fine France’s data protection authority issued against Google.
  • The 35 million euros fine Germany’s data protection authority issued against clothing retailer H&M.
  • The 27.8 million euros fine issued to Italy’s telecom operator TIM.

The Ever-growing Hurdles

GDPR is an essential step for citizens’ privacy, but it also poses a significant challenge for organizations of all sizes, especially small and medium enterprises (SMEs). Although we would expect more significant difficulties from large corporations (such as big tech) due to the amount of data these can extract and process, a confidential draft written by officials and seen by the Financial Times reports that smaller businesses were the ones particularly affected by the costs of compliance.

Moreover, the lack of harmonization regarding privacy among EU member states keeps posing barriers to professionals who work in organizations that operate within several EU territories. Although one of the most vital aspects of GDPR was interacting with a single authority instead of 27, member states can still develop their own rules on sensitive data. So, for example, health organizations working in several states might have to comply with different data privacy rules depending on the local guidelines.

On top of this, the regulation is continuously being updated, which tends to complicate and put additional pressure on the compliance efforts.

The Flexible and Cost-efficient Answer

To help organizations avoid serious concerns and penalties, Quidgest has developed a unique and integrated Data Protection Management solution configurable according to each business operation field and activities.

Due to Quidgest’s built-to-change approach to software development, new components can be added to the system both to fulfill new organizational needs and to comply with regulatory updates. These are usually done in 1/10 of the time compared to the average technology provider company operating in this market.

It also provides a holistic view of the compliance procedures, notifying, advising, and framing each of those responsible for each task to be performed. With the proper notifications at the right time, employees know, in real-time, the actions they must take to ensure the organization’s compliance.

Quidgest’s Data Protection Management Solution also helps with the normalization of intra-organizational processes and the productivity increase due to the non-duplication of efforts and automation of procedures.

According to the Data Protection Officer of Lusoponte, a 120-employee organization that serves more than 30 million people annually, the implementation of Quidgest’s system reduced its operating costs by between 20 and 30 percent.

Would you like to know more about Quidgest’s answer to comply with GDPR? Visit the solution’s page or contact us.


Quidgest is a global technology company headquartered in Lisbon and a pioneer in intelligent software modeling and generation. Through its unique generative AI platform, Genio, it develops complex, urgent, and specific systems that are ready to evolve continuously, flexible, and scalable for various technologies and platforms. Partners and large organizations such as governments, multinational companies, and global multilateral institutions use Quidgest’s solutions to achieve their digital strategies.


R. Viriato, 7
1050-233 Lisboa | Portugal
Tel. +351 213 870 563