GDPR fines

Italy tops GDPR penalty list with €46m worth of fines in 2020

Businesses operating within the European Union have been hit with a total of €68 million (£61.5m) in fines relating to GDPR breaches so far in 2020.

Over €45 million of that came from Italian-owned companies, according to financial experts Finbold, which compiled a top 20 using data collected from the GDPR’s enforcement tracker website.

Europe’s data protection regulation turned two in May, but it seems many businesses are still struggling with compliance as the most common violation was an insufficient legal basis for data processing.

From 1 January to 17 August, Italy came out on top, having been issued with €45.6 million in fines as a result of 13 separate investigations. Sweden came in second, with €7.3 million in fines from 4 cases, while the Netherlands were ranked third with €2.8 million worth of penalties.

Germany has only received one GDPR-related fine since the start of the year, however that particular case, involving health insurance firm Allgemeine Ortskrankekasse (AOK), resulted in a €1.2 million fine in June, placing the country 5th on the list. The firm was sanctioned after it was shown that collected personal data, such as contact details and insurance information, were being improperly used for advertising purposes.

When ordered in terms of total number of cases, Spain currently tops the list with 76 investigations and subsequent penalties, although the majority of these were for relatively minor infractions, racking up just €1.9 million in fines.

The UK is notably absent from the rankings, as the most recent British organisation to receive a GDPR fine was Doorstep Dispensaree Ltd in December 2019. The firm was levied with a €320,000 sanction for failing to protect physical NHS documents by storing these outdoors in cardboard boxes.

There are also a handful of significant fines that have been proposed but not yet levied, many of which could be enforced before the end of the year. These include record-breaking sanctions against British Airways and Marriott International in 2019 of €205 million and €110 million respectively, both of which were issued by the UK’s data watchdog, the Information Commissioner’s Office.

Read more here.

Subscribe to our Newsletter

Your e-mail address is only used to send you our newsletter and information about the activities of GDPR Register. You can always use the unsubscribe link included in the mail.

Latest News
SolarWinds hackers breach US nuclear weapons agency
Cyber Security Data Breach

SolarWinds hackers breach US nuclear weapons agency

December 18, 2020
Irish Data Protection Commission to announce Twitter fine on December 17th
Data Breach Fines

Irish Data Protection Commission to announce Twitter fine on December 17th

December 14, 2020
EU Commission proposes new Data Governance Act
Personal Data

EU Commission proposes new Data Governance Act

November 30, 2020
EU consumers will soon be able to defend their rights collectively
Personal Data

EU consumers will soon be able to defend their rights collectively

November 30, 2020
Open Rights Group is taking the ICO to court over the regulator’s failure to stop unlawful practices by the AdTech industry
GDPR Personal Data

Open Rights Group is taking the ICO to court over the regulator’s failure to stop unlawful practices by the AdTech industry

November 11, 2020
Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

Latest Blog Posts

dpa gdpr

Data Protection Authorities (DPA)

October 21, 2020 No Comments

Data Protection Authorities (DPA) Data Protection Authorities (DPA) are independent public authorities that supervise, through investigative and corrective powers, the application of the GDPR. They

Read More »
GDPR Register
Facebook-f Linkedin-in Youtube

Company

About
Contact Us
Privacy
Cookies
Security
Jobs

SERVICES

GDPR Register
Terms and Conditions
Find a DPO
Legal Notice

Resources

Request a Demo
BLOG | RSS | Atom
News | RSS | Atom
FAQ

Newsletter

Your e-mail address is only used to send you our newsletter and information about the activities of GDPR Register. You can always use the unsubscribe link included in the mail.

Zpracovává vaše společnost osobní údaje?

Zpracovávat vaše společnost osobní údaje fyzických osob, jako jsou:

  • Údaje zaměstnanců, zákazníků, uchazečů o zaměstnání nebo pacientů včetně:
    • Jméno nebo osobní identifikační číslo
    • Kontaktní údaje (e-mailová adresa, telefonní číslo, adresa)
    • Bankovní údaje, plat, údaje o pasu nebo jiné osobní údaje

 

Ar Jūsų įmonė renka ir tvarko fizinių asmenų asmens duomenis? 

Asmens duomenys gali būti:

  • Kliento, darbuotojo. paciento, kandidato į darbo vietą ir kt. 
    • Vardas ar asmens  numeris 
    • Kontaktinė informacija (el.pašto adresas, telefono numeris, adresas ir kt)
    • Banko sąskaitos  duomenys, atlyginimo dydis, paso duomenys ar bet kokia kita asmeninė informacija. 

Onko yrityksessäsi enemmän, kuin 250 työntekijää?

Kas teie ettevõte kogub ja töötleb isikuandmeid?

Kas teie ettevõte kogub ja töötleb füüsiliste isikutega seotud andmeid nagu näiteks:

Töötajate, klientide, tööle kandideerijate, patsientide:

  • Nimi, isikukood
  • E-posti aadress, telefoninumber, kodune aadress
  • Pangakontonumber, palgasumma, krediitkaardiandmed või mõnda muut tüüpi isiklikud andmed

Does your company collect any personal data?

Does your company collect and process any personal data of natural persons such as:

  • Employees, Customers, Job Applicants or Patients including:
    • Name or personal ID number
    • Contact details (Email address, Phone number, Address)
    • Bank details, Salary amounts, Passport details or any other personal data