European regulators are increasingly focusing on implementing the General Data Protection Regulation (GDPR) with a spotlight on organizations. The focus has also resulted in the unearthing of more violations alongside increased fines.
Data acquired by Finbold indicates that the cumulative number of GDPR violations surged 113.5% over the 12 months between July 2020 and July 2021. Last year, the number of fines was 332, rising to 709 in 2021. Over the same period, the amount of fines imposed by EU regulators for the violations spiked 124.92%. In July last year, the cumulative fines stood at €130.69 million, growing to €293.96 million.
Among the specific fines, big tech companies dominated, with Google accounting for the biggest share of fines at €60 million as of July 18th, 2021. The fine was imposed by French regulators. Google Ireland ranks second with €40 million in fines, while H&M Hennes & Mauritz OnlineShop from Germany is third at €35.26 million. The figures are based on GDPR Enforcement Tracker and Finbold’s GDPR Fines 2020 report.
Why EU GDPR fines are rising
The rising fines over the last year highlight the improved ability of regulators to detect instances of personal data violation. They also show the power bestowed on consumers, who are increasingly able to report data violations. Furthermore, they highlight the urge by regulators to protect consumers, considering that the GDPR law is relatively new.
The fines and violations continue to grow as European regulators increasingly show their willingness to use their enforcement powers. At the same time, the regulators are adopting strict interpretations of GDPR laws, leading to possible heated legal battles that might span years.
Furthermore, some of the imposed fines are not always paid as required. Some companies launch appeals that lead to the fines being either scrapped or reduced.
It is worth mentioning that the GDPR rules are supposed to be applied uniformly across all adhering countries. However, different nations have adopted various approaches in implementing the laws.
Notably, even as the fines and cases increased, some regulators showed leniency due to the coronavirus pandemic. Some of the notable high-profile fines were lowered as companies experienced financial hardship.
Focus on tech and telecom companies
In recent months, enforcement actions relating to GDPR’s restrictions have focused heavily on transfers of personal data. Notably, big tech companies have been on the receiving end due to their influence in the market.
Due to the lack of varied choices in the market, these companies have remained dominant, exerting undue influence and control over their customer bases and the data they collect in exchange for the use of their services.
Furthermore, telecom companies have also been hit by some of the biggest fines. These organizations are regularly accused of deliberately misusing personal data to gain a financial and competitive advantage.
In general, both the tech and telecom sectors are heavily data-driven and are involved in large-scale data processing. Furthermore, most customers are concentrated among just a few players whose churn rates are low. This situation leads to companies being complacent about compliance because customers have stuck with them due to a lack of choice.
The fines also point to the severity of the situation in the absence of the laws. However, the hefty fines are pushing businesses and organizations to prioritize data protection. Furthermore, the fines are helping regulators in Europe set the blueprint for the rest of the world in managing data violation cases.
There is also a need to uphold best practices like having information governance programs that do not promote unnecessary collection or retention of personal data.