Wednesday, September 28, 2022

DLA Piper GDPR fines and Data Breach survey: January 2022

A report produced by DLA Piper’s Cybersecurity and Data Protection team


Data protection supervisory authorities across Europe have issued a total of nearly €1.1 billion (USD1.2 / GBP0.9 billion) in fines since 28 January 2021, according to international law firm DLA Piper.

This figure is taken from the law firm’s latest annual General Data Protection Regulation (GDPR) Fines and Data Breach Survey of the 27 European Union Member states plus the UK, Norway, Iceland and Liechtenstein. This is nearly a sevenfold increase on last year’s total.

This year has seen a change to the aggregate fines league table, with Luxembourg and Ireland, both having record-breaking fines imposed, replacing Italy and Germany in the top two spots and Italy moving down to the third place with €746 million (USD843 / GBP619 million), €226 million (USD255 / GBP188 million) and €79 million (USD89 / GBP66 million) respectively.

The highest GDPR fine to date is the one imposed by the Luxembourg National Commission for Data Protection (CNDP) for €746 million on the US online-based retailer, the biggest fine so far for non-compliance with the GDPR. This is more than 14 times higher than the previous largest GDPR fine (€50 million) imposed by France’s CNIL on Google.

Since 28 January 2021, there have been over 130,000 personal data breaches notified to regulators – on average 356 breach notifications per day, an 8% increase on last year’s daily average of 331 notifications per day.

Weighting the results against country populations, the Netherlands take the top position with 150.7 data breaches per 100,00 people. Greece, the Czech Republic and Croatia reported the fewest number of breaches per capita since 2018.

Commenting on the survey findings, Ross McKean, chair of the UK Data Protection and Security Group said: “The nearly sevenfold increase in fines may be grabbing the headlines but the Schrems II judgment and its profound implications for data transfers has established itself as the top data protection compliance challenge for many organisations caught by GDPR.”

According to the survey findings, the Schrems II judgment doesn’t just create a risk of fines and claims for compensation; it also threatens service interruption in the event data transfers are suspended with serious implications for business continuity.

“The threat of suspension of data transfers is potentially much more damaging and costly than the threat of fines and compensation claims. The focus on transfers and the significant work required to achieve compliance inevitably means that organisations have less time, money and resource to focus on other privacy risks.”

Ewa Kurowska-Tober, Global co-chair of DLA Piper’s Data Protection & Security Group, said “The Schrems II judgment has effectively shifted the problem and burden of a fundamental conflict of laws from the politicians and lawmakers to individual data exporters and importers. Meeting the requirements of Schrems II is a challenge even for the most sophisticated and well-resourced organisations and is beyond the means of many small and medium-sized enterprises. What is really needed is a resolution of the underlying conflict of laws rather than imposing an unrealistic compliance burden onto business and another headwind to international trade as we emerge from the global pandemic.”

Heidi Waem is also an author of this report.

SourceDLA Piper


RyC secures art restitution seized in Civil War

A Ramón y Cajal Abogados´ Art Law, led by partners Rafael Mateu de Ros and Patricia Fernández Lorenzo, succeeded in getting the Ministry of...

Legal Dealmaker hosts a unique event that gathers more than 60 top Energy lawyers

With this event, Legal Dealmaker recognised the enormous talent and practice excellence in the Legal-Energy sector in Spain, after this media selection `Top 100...

Vicente López-Ibor Mayor, Top Energy Lawyers Tribute `HONOUR AWARD´ 2022

Legal Dealmaker is happy and proud to announce that Vicente López-Ibor Mayor, President of the European Federation of Energy Law Associations (EFELA) and President...
- Advertisement -spot_img
- Advertisement -spot_img
- Advertisement -spot_img
- Advertisement -spot_img