EU Data Regulation: Top 3 GDPR Breaches in 2019 Cause €365 Million Fines

Enormous fines imposed for data breaches in 2019 show that regulators have become serious about penalising companies and organisations that do not adequately protect consumer information. According to Precise Security research, the ten most significant GDPR penalties of 2019 added up to €402.6 million in fines. The three largest of those ten, however, account for roughly 90 percent of that amount: nearly €365 million between them.

In July 2019, the UK's data protection authority, the ICO, issued a notice of intent to fine British Airways a record €204.6 million (£183.4 million), the highest data breach penalty announced anywhere in the world at that time. The penalty followed an attack by the Magecart group, which injected card-skimming code into the airline's payment pages and harvested the personal and payment card details of up to half a million of its customers.

The second highest data breach penalty, roughly €110.4 million (£99.2 million), relates to a cyber incident that the American multinational Marriott International notified to the ICO in November 2018. The compromise began in the reservation systems of Starwood Hotels in 2014, before Marriott acquired Starwood in 2016, and went undetected until 2018. In total approximately 339 million guest records were exposed, of which around 30 million related to residents of 31 European countries and another 7 million to UK residents.

Talking about the breach, Information Commissioner Elizabeth Denham said: “The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.

“Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”

With a €50 million fine, Google ranked third on the list of the highest GDPR penalties in 2019. The fine, imposed by France's data protection regulator, CNIL, was not for a security breach but for a transparency and consent failure: Google had not given users clear enough information about how their data would be used, in particular for personalised advertising, and had not obtained valid consent or given them adequate control over that use. Together, these three penalties come to nearly €365 million.

When personal data for which a company is responsible are breached, whether through unauthorised disclosure or access, loss, alteration or destruction, that firm, as data controller, is obliged under Article 33 of the GDPR to notify the breach to its national data protection authority without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to pose a risk to the rights and freedoms of the individuals concerned. Where the 72-hour deadline is missed, the notification must state the reasons for the delay.

Since May 2018, European data protection authorities have together received more than 90,000 data breach notifications. Depending on the seriousness of the infringement, the GDPR gives them the power to impose fines of up to €20 million or 4 % of an undertaking's total worldwide annual turnover for the preceding financial year, whichever is higher.

The General Data Protection Regulation (EU) 2016/679, commonly called the GDPR, is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also governs the transfer of personal data outside the EU and EEA. The GDPR aims primarily to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying data protection rules across the EU.