Police Officer on August 17, 2020 - Estonia While both of these actions might seem reasonable, the company could not prove it … Italians top the list for GDPR fines in 2020! The General Data Protection Regulation (GDPR) went into effect 25 May 2018. That's what Ticketmaster got out of all this. The UK’s Data Protection Authority (ICO) imposed a fine against British Airways in connection with a 2018 data breach in a final sum of £20 million. We love receiving new and interesting questions that help us think about data in new ways. The thing is that along with this new storage panorama comes the new challenge of managing this scattered data. Perform due diligence in evaluating privacy requirements and cybersecurity controls during the merger and acquisition process. Two tiers of GDPR fines. Hence the punitive action. The cyber-attack was only discovered two months later but by that time hackers had already stolen the personal data of more than 400,000 customers. €114 million of GDPR fines were imposed, and over 160,000 data breach notifications occurred according to DLA Piper Data Breach Report 2020. Cledara Limited is registered under the UK Data Protection Act (ZA466806). On October 30, 2020, the ICO issued a £18.4 million fine against Marriott International Inc. H&M – €35 million ($41.3 million) Fine A German subsidiary of the Swedish retail conglomerate H&M was fined for the illegal surveillance of hundreds of its employees. There will be two levels of fines based on the GDPR. Vodafone Espana faced several GDPR fines in 2020. In second place was Sweden. Surprisingly, or perhaps not, there has been a rise in the level of activity by authorities regarding GDPR. This is the largest fine issued by the ICO to date. The company had collected sensitive personal data through the use of staff surveys and informal chats.
Marriott acquired Starwood in 2016, but the exposure of customer information was not discovered until two years later. However, by the end of 2020, Italy had issued almost €70 million in fines, showing that the Italian Garante is ready to tackle serious GDPR violations with high penalties, leaving behind Germany, France, and the UK. France, Germany, and Austria top the table for the total value of GDPR fines imposed to date with €51 million (U.S. $56.6 million; against Google), €24.5 million (U.S. $27.2 million; against real estate company Deutsche Wohnen) and €18 million (U.S. $20 million; against Austrian Post, the country’s principal mail service provider). In other words, they received a fine for a massive data breach because they'd not completed a risk assessment before selecting and implementing the tool. Privacy regulators throughout the European Union are setting a precedent of regulatory enforcement and sending a strong message that companies must respect personal privacy, protect personal data, and uphold their obligations under the applicable privacy laws. Major GDPR fine count: 2020: 20; 2019: 29; 2018: 1; Total: 50; Major GDPR fine total in Euros (approximate due to currency conversion): 2020: €155,647,736; 2019: €112,915,407; 2018: €400,000; Total: €268,963,143; 2020 Major GDPR Fines October, 2020 It's a pity they didn't use a SaaS risk assessment tool like Cledara because they could have saved themselves a lot of money. Data breaches of this size often result in action from the authorities, but what we are trying to say is that the size of the fine is often higher when the company is unable to demonstrate that it has the proper risk management process in place. Belgium. Introduction. A German subsidiary of the Swedish retail conglomerate H&M was fined for the illegal surveillance of hundreds of its employees.
Last month, however, judges at France’s top court for administrative law dismissed Google’s appeal and upheld the eye-watering penalty. September 2, 2020 | GDPR. How the GDPR could change in 2020. GDPR fines: total list for 2020. GDPR Fines. Violators of GDPR may be fined up to €20 million, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater. Standards, social interactions, the way we do business… it all has changed. They issued hundreds of fines to companies, including Google and Facebook, more than €114 million in the first 20 months of GDPR. Please note that we do not list any fines imposed under national / non-European laws, under non-data protection laws (e.g. We are here to remind you that Ticketmaster is not alone in this. And we want to take you through it and ask ourselves: why is GDPR compliance getting so serious? Their chatbot. Around half of General Data Protection Regulation (GDPR) fines were incurred by Italian-owned companies, according to financial experts Finbold. Meanwhile authorities were not sitting with arms folded but managed to impose numerous fines. Cledara Limited is registered with the Financial Conduct Authority as an EMD Agent (reference no. In most cases, organizations were fined because of insufficient technical and organizational measures to ensure information security. It looks like it's not just a Google and Facebook thing anymore. On November 26, 2020, the French Data Protection Authority (the “CNIL”) announced that it imposed a fine of €2.25 million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation (“GDPR”) and Article 82 of the French Data Protection Act governing the use of cookies. The fine stems from the November 2018 disclosure that personal data contained in approximately 339 million guest records globally were exposed as a result of a breach into the Starwood hotels system in 2014.
This October, Marriott and British Airways were also fined £18.4 million and £20 million respectively by the ICO for a failure to comply with GDPR standards. That chatbot… If only we had used Cledara… That's what the people at Ticketmaster must have thought when they got a £1.25 million fine from the ICO for failing to keep its customer data safe. GDPR fine for unlawful video surveillance in an LSS housing. If you found this post interesting and have other questions that you'd like us to help answer, drop us a line at hello@cledara.com. Ask questions about the GDPR … October 23, 2020 by Robin. Companies that ignore their privacy and data protection obligations are bound to pay the price in the form of regulatory fines, consumer litigation, and diminished reputation with their customers. New EBA Outsourcing Guidelines: What SaaS is Considered Critical or Important? But what the regulators demand is that you know where customer data is going, and what risks arise from hosting that data in the locations you host it. Cledara is a proud member of Techstars London, Cledara Limited is Registered in UK (11455373). But what's not right, as the ICO sees it, is when Ticketmaster, or any other company, fails to run a risk assessment of parts of the business that might, in some scenario, compromise customer data. List of GDPR fines 2020 – from January to May.