More than €1.1bn worth of GDPR fines were issued since 28 January 2021 with Ireland ranked second highest for fines imposed, according to law firm DLA Piper.
The firm’s latest report shows Ireland was second in the EU for the largest GDPR fine imposed to date at €225,000, far ahead of the third highest – France – at €50,000. This was the Whatsapp Ireland fine in September 2021, the largest ever fine by the Irish Data Protection Commission (DPC). Luxembourg was first in the list with its €746,000 fine on Amazon in August.
The total cost of the fines from 28 January last year was almost six times higher than the €158.5m in penalties imposed by authorities in 2020. Luxembourg and Ireland were first and second for the largest total amount of fines issued last year.
Data breaches notifications saw an increase in the EU, with more than 130,000 personal data breaches notified to regulators and on average 356 breach notifications per day, an 8pc increase on to 2020’s daily average.
A total of 6,802 data breaches were reported to Ireland’s DPC in the past 12 months, ranking sixth highest in the EU and fourth highest based on population.
The report highlights the impact of the landmark Schrems II ruling in July 2020, when privacy advocate Max Schrems brought a complaint against Facebook to the DPC. Chair of the UK Data Protection and Security Group Ross McKean said this judgement for data transfers has “established itself as the top data protection compliance challenge for many organisations caught by GDPR”.
The law firm said the Schrems II judgement doesn’t just create a risk of fines but also threatens service interruptions in the event data transfers are suspended, which can pose problems for business continuity.
“The Schrems II judgment has effectively shifted the problem and burden of a fundamental conflict of laws from the politicians and lawmakers to individual data exporters and importers,” global co-chair of DLA Piper’s Data Protection and Security Group Ewa Kurowska-Tober said. “Meeting the requirements of Schrems II is a challenge even for the most sophisticated and well-resourced organisations and is beyond the means of many small and medium sized enterprises.”
Despite the significant increase in fines last year, DLA Piper said data transfers are not going to stop anytime soon, as we live in “a hyper connected world with many cloud vendors based in the US and other third countries”.
The report said that many data transfers are likely to continue without following the Standard Contractual Clauses in place “given the complexity and prevalence of international supply chains and for many organisations the unachievable compliance burden imposed by Schrems II”.
The law firm also predicts further enforcement activity by data regulators across the EU, along with broadening enforcement activity by financial regulators.
“Moreover, businesses can expect to face scrutiny around data transfer compliance in the context of audits, due diligence, procurement processes and other compliance verification exercises,” the report said.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
The post Ireland ranked second highest in EU for GDPR fines in 2021 appeared first on Silicon Republic.