On 25 May 2020, two years will have passed since the effective entry into force of the GDPR, the new general data protection regulation active throughout the European territory. Today the law firm DLA Piper publishes a study on the legislation, drawing conclusions on the actions taken by the authorities of individual states against companies that have not done enough to protect information of their users and customers.
GDPR: fines of 114 million since May 2018
The total amount of the sanctions is equal to 114 million euros. The most important is the one that arrived from France to Google: 50 million euros for the ways in which the Android operating system guides the user through the configuration of the new devices. In the United Kingdom, the possibility of inflicting a £ 183 million one on IAG, a group that controls the airline British Airways, is being considered for a violation dating back to summer 2018.
Recall that the GDPR gives the authorities the power to establish fines by the amount that can reach 2% and in some cases 4% of the profits generated by a company globally in a year. This won't happen any time soon: explaining why is DLA Piper's Ross McKean.
It will take some time. The authorities are initially cautious about reaching 4% because they know that the decision can be brought on appeal. And losing credibility is going towards an almost certain defeat on appeal.
According to the study, the Netherlands, the United Kingdom and Germany are the countries in which multiple reports have been collected relating to data breach.