The report of DLA Piper on GDPR fines and data breach notifications shows that Italy was still among the countries with the highest fines in 2021.
We publish DLA Piper’s Annual Report showing the total amount of fines under the GDPR and data breach notifications that occurred in 2021 within the EEA, including the UK.
According to DLA Piper’s report, Italy is one of the countries where the total value of sanctions issued under the GDPR has been highest since the GDPR came into force. This shows that the Italian Data Protection Authority (the Garante) has definitely been active in recent years, even though it has not provided clear criteria for calculating sanctions, leaving companies in a state of uncertainty that can last for years due to the length of proceedings.
This scenario perhaps explains why Italy is also one of the countries with the lowest number of data breach notifications relative to population size. This is otherwise difficult to explain in a period in which, partly due to the pandemic, the number of cyber-attacks has significantly increased. It is possible that the uncertainties of proceedings before the Garante deter companies from notifying data breaches, which inevitably results in harm to individuals.
This is happening in a context where few companies have taken steps to ensure effective compliance with the requirements of the Schrems II ruling, which may represent an additional risk of non-compliance in a possible inspection by the Garante following a data breach notification.
On this topic, we point out that the methodology and legal tech tool developed by DLA Piper to assess data transfers outside the EEA are currently used by over 170 clients of the law firm and have already been reviewed by the main European privacy authorities, which shows that they are becoming a market standard. It is possible to know more about the methodology of DLA Piper on data transfers HERE.
The DLA Piper GDPR fines and data breach survey is available HERE.