The GDPR has been in force for almost two years, and EU supervisory authorities have not lost any momentum in bringing enforcement actions for violations of the law.
A survey of the last three months alone shows a wide range of enforcement activity. In particular, regulators have issued fines to large companies like major banks and Google, but also to mid-sized organizations, including government and professional agencies, schools, telecommunication companies, and restaurants. Even more surprising, some enforcement actions have been directed at private individuals.
While some fines were as low as €1,000, the vast majority of fines ranged from €10,000-€90,000. However, the highest fines have reached over a million euros, with one particularly jaw-dropping fine of €27,800,000.
Finally, Spain has issued by far the highest number of enforcement actions in the past three months; however, regulators in Italy, Romania, the UK, Greece, Cyprus, Denmark, Iceland, Belgium, Sweden, the Netherlands, Hungary, and Poland have also been especially active.
Based on the frequency of enforcement actions – and the fines associated with them – no company should consider itself “safe” from GDPR enforcement, even for violations that may seem minor. Protect your organization by seeking professional support from a firm like VeraSafe. Contact us today to learn how we can help.