European regulators are committed to holding organizations to account for their data protection practices and have issued plenty of fines in just the first three months of the year
This is according to a new report from financial publication Finbold, which states that EU businesses were fined €33.61 million ($40.56m) in Q1 2021 for “various violations” of the General Data Protection Regulation (GDPR).
Companies in Spain and Germany were hit hardest, making up 78.53 percent of all penalties. In Spain, regulators imposed €15.7m ($18.95m) worth of fines for total of 34 breaches. In Germany, regulators fined three organizations a grand total of €10.7m ($12.92m).
Italy was third with 20 cases and €5.6 million ($6.7m) worth of fines, while the Netherlands ranked fourth with one €440,000 ($531,000) fine.
Of the three months in the quarter, January accounted for the largest proportion of fines, at €17.5 million ($21.13m). The figure dropped 90.28 percent in February, down to €1.7 million ($2.05m), before rising again to €14.29m ($17.25m) in March.
GDPR, the report argues, has not necessarily helped businesses improve their cybersecurity practices, but has forced them to be more transparent with reporting, and gave more power to the consumers.
“The imposed high fines point to improved ability to detect instances of personal data violation,” the report authors claim. “Also, the spotting of violation cases has been improved since the law grants more control to consumers who are the most affected.”