The enormous fines imposed for data breaches in 2019 show that regulators have become strict about penalizing companies and organizations that don’t adequately protect consumer information. According to Precise Security research, the ten most significant GDPR breaches in 2019 resulted in €402.6 million in fines in total. Of those ten cases, the three highest data breach penalties in 2019 account for nearly 90 percent of that amount, or €365 million in fines.
In July 2019, British Airways was fined a record €204.6 million for a data breach, which is the highest data breach penalty in the world so far. The UK’s data protection authority, the ICO, fined the British airline after the Magecart group used card skimming to collect the personal and payment information of up to half a million of its customers.
The second highest data breach penalty of €204.6 million relates to a cyber incident notified to the ICO by the American multinational company Marriott International in November 2018. The incident exposed approximately 339 million guest records, of which 30 million related to residents of 31 European countries and another 7 million to UK citizens.
Talking about the breach, Information Commissioner Elizabeth Denham said: “The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.
“Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”
With a fine of €50 million, Google ranked third on the list of the highest data breach penalties in 2019. The fine, imposed by France’s data protection regulator, CNIL, was issued because Google failed to provide enough information to users about its data consent policies. The tech giant also didn’t give them enough control over the use of their information. Together, the three highest data breach penalties in 2019 amounted to nearly €365 million.
When personal data for which a company is responsible is inadvertently revealed, the firm is obligated to report the incident to the national data protection authority within 72 hours of finding out about it.
Since May 2018, European data protection authorities have received more than 90,000 data breach notifications. Depending on the seriousness of the breach, the GDPR gives them the power to impose fines of up to 4% of an institution’s annual turnover.
The General Data Protection Regulation (EU) 2016/679, commonly called GDPR, is a regulation in EU law on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Hernaldo Turrillo is a writer and author specialised in innovation, AI, DLT, SMEs, trading, investing and new trends in technology and business. He has been working for ztudium group since 2017. He is the editor of openbusinesscouncil.org, tradersdna.com and hedgethink.com, and writes regularly for intelligenthq.com and socialmediacouncil.eu. Hernaldo was born in Spain and finally settled in London, United Kingdom, after a few years of personal growth. Hernaldo completed his bachelor's degree in Journalism at the University of Seville, Spain, and began working as a reporter at the newspaper Europa Sur, writing about politics and society. He also worked as a community manager and marketing advisor in Los Barrios, Spain. Innovation, technology, politics and economy are his main interests, with a special focus on new trends and ethical projects. He enjoys getting lost in words, explaining what he understands of the world and helping others. Besides being a journalist, he is also a thinker and is proactive in digital transformation strategies. Knowledge and ideas have no limits.