Quastels

Protect Your Organisation from GDPR Fines 

Protect Your Organisation from Dramatically Increased GDPR Fines
  • 27 February 2023
  • Aaron Godsi
Article by Ann-Maree Blake

The General Data Protection Regulation (GDPR) is a comprehensive privacy law that was implemented by the European Union (EU) in 2018. Its purpose is to protect the personal data of EU citizens by establishing strict rules for the collection, processing, and storage of personal information by organisations. 

The GDPR applies not only to organisations based in the EU but also to any organisation that processes the personal data of EU citizens, regardless of where the organisation is located. Non-compliance with GDPR can result in significant fines and penalties.

What is the latest on GDPR fines?

According to recent research, supervising authorities across Europe have markedly increased the level of fines issued to companies found in breach of the GDPR. Latest figures show:

  • In the year ending March 2022, data protection supervisory authorities across Europe issued fines of around EUR 1.581 billion (GBP 1.403) (+1.319 billion in comparison to the 2021 figures).
  • A total number of 1,031 fines (+505 in comparison to 2021) were issued in the year ending March 2022.
  • In relation to the number of fines and average sum of fines issued, the most common compliance breach was due to “insufficient legal basis for data processing”. The second and third most reported and fined breaches were caused by “insufficient technical and organisational measures to ensure information security” and “insufficient fulfilment of data subject’s rights”.

These figures show that GDPR enforcement is here to stay and regulators are increasing the number of investigated cases and penalty levels year on year. No business can afford to be complacent when it comes to implementing GDPR policies and procedures.

Find out more in our post Five Ways To Protect Your Company from a GDPR fine

What sectors received the most GDPR fines?

The following sectors received the highest number of GDPR fines:

  • Industry and Commerce
  • Media
  • Telecoms 
  • Broadcasting 
  • Transportation
  • Energy

It is imperative to note that this does not mean these sectors are necessarily shirking their data protection and privacy compliance obligations; rather, it is an indication that these industries are the most exposed in terms of GDPR-related risk. Although the average fines levied in the Transportation and Energy sectors were high, the number of fines issued was relatively low. This signifies that although breaches in these sectors are relatively rare, when they occur they are serious and thus attract large penalties.

What are the most common types of GDPR breaches leading to fines?

The top areas of GDPR non-compliance leading to fines were:

  • Insufficient legal basis for data processing
  • Inadequate technical and organisational measures to ensure information security
  • Non-compliance with general data processing principles
  • Insufficient fulfilment of data subjects’ rights
  • Unsatisfactory fulfilment of information obligations
  • Insufficient cooperation with supervisory authority
  • Inadequate fulfilment of data breach notification obligations
  • Non-appointment of data protection officer
  • Insufficient data processing agreement

This shows that many companies are still unsure of what constitutes a lawful basis for processing personal data. The lawful foundations for processing data are set out in Article 6 of the GDPR and at least one of the following must be present whenever personal data is processed:

  • Consent
  • Contract
  • Legal obligation
  • Vital interests
  • Public task
  • Legitimate interests

If none of the above apply to your reason for processing personal data, the processing is unlawful and therefore a breach of Article 6.

Wrapping up

The data is clear – all companies, especially those in high-risk sectors such as advertising, technology, telecommunications, and general communications (for example direct marketing) need to implement consistent, proactive training programmes to ensure all employees understand what is required for GDPR compliance. As supervising authorities become more confident with enforcing data protection and privacy regulations, the scope for fines and reputational damage leading to a loss of consumer trust will continue to increase. 

To find out how we can assist you on all matters relating to GDPR and data protection law, please contact Ann-Maree Blake to make an appointment.

  • +44 (0)20 7908 2525
  • enquiries@quastels.com
  • Quastels LLP, Watson House, 54 Baker Street, London W1U 7BU
