European regulators have issued €114 million (US$126 million) in fines under GDPR since the new privacy rules came into force, according to a new report.
The report from law firm DLA Piper notes the value of fines remains low but is likely to increase as the scheme matures and regulators adopt a more consistent approach to calculating the penalties.
Across the 28 European member states, plus Norway, Iceland and Liechtenstein, 160,000 breach notifications have been reported since 25th May 2018.
France, Germany, and Austria topped the rankings for the total value of GDPR fines imposed with just over €51 million, €24.5 million and €18 million respectively.
France has issued the biggest fine to date, whacking Google with a €50 fine for alleged infringements of the transparency principle and lack of valid consent, rather than for data breach.
In the UK, the Information Commissioner has threatened to issue two record-breaking fines totalling €329 million, neither of which had been finalised by the time the report was published.
The Netherlands, Germany and the UK topped the table for the number of data breaches notified to regulators with 40,647, 37,636 and 22,181 notifications each.
According to the report, the daily rate of breach notifications has increased by 12.6 per cent from 247 notifications per day for the first eight months of GDPR from 25 May 2018 to 27 January 2019, to 278 breach notifications per day for the current year.
The report also identified inconsistencies in reporting levels across European geographies, for example Italy with a population of 62 million people only recorded 1,886 breach notifications.
“GDPR has driven the issue of data breach well and truly into the open. The rate of breach notification has increased by over 12 per cent compared to last year’s report and regulators have been busy road-testing their new powers to sanction and fine organisations,” said Ross McKean, a partner at DLA Piper specialising in cyber and data protection.
“The total amount of fines of €114 million imposed to date is relatively low compared to the potential maximum fines that can be imposed under GDPR, indicating that we are still in the early days of enforcement. We expect to see momentum build with more multi-million Euro fines being imposed over the coming year as regulators ramp up their enforcement activity.”