Data ProtectionPrivacy

2021 DLA Piper GDPR fines and data breach notifications report

The 2021 DLA Piper GDPR fines and data breach notifications report gives a snapshot of what happened in the privacy world during the last 12 months.

€ 272.5 million (about $ 332.4 million / £ 245.3 million) of fines have been imposed for a wide range of infringements of Europe’s tough data protection laws according to the 2021 DLA Piper GDPR fines and data breach notifications report, which covers 27 European Union Member States plus the UK, Norway, Iceland, and Liechtenstein.

The Italian data protection authority, the Garante, tops the rankings for aggregate fines having imposed more than € 69.3 million (about $ 84.5 million / $ 62.4 million) since the application of GDPR on 25 May 2018. Germany and France came second and third with aggregate fines of € 69.1 million and € 54.4 million respectively.

The highest GDPR fine to date remains the € 50 million (about $ 61 million / £ 45 million) imposed by the French data protection regulator on Google for alleged infringements of GDPR’s transparency principle and lack of valid consent.

Following two high-profile data breaches, the UK Information Commissioner’s Office (ICO) published two notices of intent to fine in July 2019 totaling £ 282 million (about € 313 million / € 382 million). However, in a significant climbdown by the UK regulator, the final fines imposed in October 2020 were greatly reduced to £ 20 million (about € 22.2 million / $ 27.1 million) and £ 18.4 million (about € 20.4 million / $ 25 million). The Austrian supervisory authority suffered a setback when its € 18 million fine (about £ 16.2 million / $ 22 million) was successfully appealed in December 2020.

As to the number of data breach notifications, in aggregate, there have been more than 281,000 data breach notifications since the application of GDPR on 25 May 2018, with Germany (77,747), The Netherlands (66,527), and the UK (30,536) topping the table for the number of data breaches notified to regulators. France and Italy, countries with populations over 67 million and 62 million people respectively, only recorded 5389 and 3460 data breach notifications for the same period illustrating the cultural differences in approach to breach notification.

The aggregate daily rate of breach notifications in Europe experienced double-digit growth for the second year running with 331 notifications per day since 28 January 2020, a 19% increase compared to 278 breach notifications per day for the previous year.

Weighting the results against country populations, Denmark takes pole position this year ahead of The Netherlands with 155.6 and 150 reported breaches per 100,000 people respectively. Ireland is in third place with 127.8 reported breaches per 100,000 people. Greece, Italy, and Croatia reported the fewest number of breaches per capita since 28 January 2020.

It is possible to request the report HERE and “Are privacy fines really massive under the GDPR?“.


Don't miss our weekly insights

Show More

Giulio Coraggio

I am the location head of the Italian Intellectual Property & Technology department and the global co-head of the IoT and Gaming and Gambling groups at the world-leading law firm DLA Piper. IoT and artificial intelligence influencer and FinTech and blockchain expert, finding solutions to what's next for our client's success.

Related Articles

Back to top button