GDPR breaches increased by a fifth in 2020

The data shows that since the introduction of the GDPR in May 2018, Italy’s regulator has imposed €69.3m fines – the most in the European Union, as well as the UK, Norway, Iceland and Liechtenstein. Germany and France were second and third respectively, with €69.1m and €54.4m. 

The research also shows that since the introduction of GDPR, there have been 281,000 data breaches across Europe, with Germany ( 77,747 ), the Netherlands ( 66,527 ) and the UK ( 30,536 ) seeing the most breaches reported to regulators.

In 2020, there were 331 data breach notifications per day across Europe – a 19% increase on 2019. Denmark had the most notifications per 100,000 people with 155.6. The fewest per 100,000 people were in Greece, Italy and Croatia.

The €50m fine from the French regulator for Google over transparency infringements is the highest GDPR fine to date.

Ross McKean, chair of DLA Piper’s UK Data Protection & Security Group, said: “Fines and breach notifications continue their double digit annual growth and European regulators have shown their willingness to use their enforcement powers. They have also adopted some extremely strict interpretations of GDPR setting the scene for heated legal battles in the years ahead.

“However, we have also seen regulators show a degree of leniency this year in response to the ongoing pandemic with several high profile fines being reduced due to financial hardship.”