UK ranks second for GDPR fines



A total of €171.3 million in GDPR fines were issued against European countries in 2020, a new report shows.

The fines were issued between January 1st, 2020, and January 1st, 2021, according to the GDPR Fines 2020 Report by Finbold.

The report reveals that Italy accounts for the highest fines at €58.16 million of the total fines from 34 violations. The UK ranks second with €43.9m in fines – from only three violations.

The two countries cumulatively account for 59.5 per cent of all the EU GDPR fines. Germany is third at €37.39m from three major violations.

Sweden’s 15 violations attracted €14.27m in fines, while Spain closes the top five categories with €8m in fines arising from 128 incidents. In 2020, a total of 299 fines were registered in the EU.

On specific incidents, Germany’s H&M Hennes & Mauritz AB & Co. KG was fined €35.25m for data protection violation. This is the biggest single fine on a specific data breach incident in 2020. Italy’s TIM, a telecommunication operator, received the second-highest fines at €27.8 million. British Airways is third after amassing fines of €22.04 million.

The fine comes after over two years since the General Data Protection Regulation was implemented in the EU and EEA on in May 25, 2018.

Finbold chief editor Oliver Scott said: “Despite campaigns to have organizations enact better measures to protect consumer data, the violations recorded across the EU remain significant with the law coming into place in 2018.

“It will be interesting to see if organizations will take up extra responsibility to prevent breaches in 2021. However, stakes remain high for companies to avoid risking regulatory action for breaches and protecting reputation alongside legal actions.”