GDPR enforcement varies widely by country
Since the GDPR has been introduced, we have seen an increase in complaints and breach notifications. The reason for increase is the growing awareness and it does not mean that data protection rules have been broken. The Netherlands, Germany, and the United Kingdom have reported the largest number of breaches, respectively; Liechtenstein, Iceland, and Cyprus have reported the lowest.
Many of the European Union countries have now issued fines under the GDPR and there are still few that have not. Countries like Belgium, Ireland, Czech Republic, Denmark, Finland, Italy, Slovakia, Slovenia, Spain, and Sweden are yet to issue any penalty or fine under GDPR.
Here in this article we will discuss about how GDPR enforcement varies widely by country.
- Austria: – In Austria, the first breach of the GDPR is treated as a warning. If an organization breaches GDPR for the second time then the Austrian DPA imposes fines on that organization. So far Austria has imposed 3 fines only and all of them involved illegal video surveillance. Also the GDPR violation penalties in Austria are lenient, ranging from €300 to €5,280 (U.S. $337-$5,932).
- France:- Recently French Data Protection Authority (CNIL) fined Google for violating data protection rules under GDPR and imposed a €50 million (U.S. $56.3 million) GDPR fine on them. The other big firms that were fined were Bouygues Telecom (€250,000; U.S. $280,000), Uber (€400,000; U.S. $449,000), Dailymotion (€50,000; U.S. $56,000), and Optical Center (€250,000; U.S. $280,000).
- Germany: – In,Germany National Data Protection Authorities (DPAs) are structured on a state level. So far, DPAs have issued 75 fines since the GDPR is enforced as law, totaling just €449,000 (U.S. $504,000). Health care company was fined with single largest fine being €80,000 (U.S. $90,000) because the exposed sensitive personal data.
- United Kingdom: – U.K has so far imposed two biggestenforcement actions for GDPR violations. They fined British Airways £183.4 million (U.S. $230 million) and Marriott £99.2 million (U.S. $124 million) for data breach related violations.
- Latvia: – During the first years of GDPR enforcement, Latvian DPA did not impose many penalties. They have put their biggest fine which is €2,000 so far and the reason for this is that they don’t want to punish the organizations but want them to understand the law and comply with it.
Above are the few countries that have so far imposed penalties and fines for GDPR violations. In EU there are still few countries that have not imposed any fine yet and these are Belgium, Ireland, Czech Republic, Denmark, Finland, Italy, Slovakia, Slovenia, Spain, and Sweden. Many of EU countries want their organizations to first understand the law and comply with the regulations rather than imposing fines and penalties on them.