EU companies fined more than 110m euros for privacy breaches

By August Graham, PA City Reporter

Companies have been forced to pay around 114 million euro (£97 million) in fines for breaching European privacy rules, a new report has claimed.

More than 160,000 data breaches have been reported across the European Union, Norway, Iceland and Liechtenstein since a new law came into force nearly two years ago.

British companies were the third most frequent offenders against the General Data Protection Regulation (GDPR) rules, with more than 22,000 breaches reported in the UK since the law was introduced in May 2018.

However, they contributed only 320,000 euro (£275,000) of the total fines, according to new research by law firm DLA Piper.

Two prominent British cases involving British Airways and Marriott were not included in the figures because the fines have not yet been finalised.

If the data had included the combined fines of £282 million (329 million euro) the Information Commissioner’s Office last year suggested it will levy over those breaches, it would bring the total EU-wide figure to ‭443 million euro (£367 million).

Companies in France have paid the most, with 51 million euro (£43 million) in fines for breaches of GDPR.

Germany was second at 24.5 million euro (£21 million), and then Austria, where companies paid out 18 million euro (£15 million) for breaches.

Eight countries in the bloc are yet to impose any financial penalties at all and only five countries of the 28 have fined their businesses more than one million euros (£850,000).

“We expect to see momentum build with more multimillion-euro fines being imposed over the coming year as regulators ramp up their enforcement activity,” Ross McKean, a partner at DLA Piper, said.

The biggest fine to date, not counting the two UK cases which are yet to be finalised, was a 50 million euro (£43 million) charge that French authorities imposed on Google.

The number of reports of breaches have increased by 12% compared to the last time DLA Piper compiled the data.

GDPR was introduced in May 2018 in a bid to regulate the way that companies and the public sector store information about their customers.

Organisations can face fines of up to 20 million euros or 4% of annual global turnover if they are found to have breached GDPR rules.