Italy tops GDPR penalty list with €46m worth of fines this year
Companies still struggle to provide sufficient legal basis for processing personal data


Businesses operating within the European Union have been hit with a total of €68 million (£61.5m) in fines relating to GDPR breaches so far in 2020.
Over €45 million of that came from Italian-owned companies, according to financial experts Finbold, which compiled a top 20 using data collected from the GDPR's enforcement tracker website.
Europe's data protection regulation turned two in May, but it seems many businesses are still struggling with compliance as the most common violation was an insufficient legal basis for data processing.
From 1 January to 17 August, Italy came out on top, having been issued with €45.6 million in fines as a result of 13 separate investigations. Sweden came in second, with €7.3 million in fines from 4 cases, while the Netherlands were ranked third with €2.8 million worth of penalties.
Germany has only received one GDPR-related fine since the start of the year; however, that particular case, involving health insurance firm Allgemeine Ortskrankenkasse (AOK), resulted in a €1.2 million fine in June, placing the country 5th on the list. The firm was sanctioned after it was shown that collected personal data, such as contact details and insurance information, was being improperly used for advertising purposes.
When ordered in terms of total number of cases, Spain currently tops the list with 76 investigations and subsequent penalties, although the majority of these were for relatively minor infractions, racking up just €1.9 million in fines.
The UK is notably absent from the rankings, as the most recent British organisation to receive a GDPR fine was Doorstep Dispensaree Ltd in December 2019. The firm was levied with a €320,000 sanction for failing to protect physical NHS documents by storing these outdoors in cardboard boxes.
There are also a handful of significant fines that have been proposed but not yet levied, many of which could be enforced before the end of the year. These include record-breaking sanctions against British Airways and Marriott International in 2019 of €205 million and €110 million respectively, both of which were issued by the UK's data watchdog, the Information Commissioner's Office.
Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.
Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.