Fines imposed for violations of the GDPR, the European Union’s data protection legislation, have increased dramatically. The total was almost seven times higher than the year before, reaching USD 1.25 billion (approximately CZK 26.8 billion). The figures come from a survey published by CNBC. In 2020, these fines amounted to only USD 180 million in total.
The significant increase has been driven by large tech companies. The highest fine was imposed on Amazon, a US company, by the Luxembourg National Commission for Data Protection and amounted to EUR 746 million. WhatsApp was in second place with a fine of EUR 225 million. The Amazon fine alone is nearly five times the total amount of fines handed out in the EU in 2020. Both companies have appealed the respective decisions, and the appeals are currently pending.
The survey thus indicates that monitoring of compliance in the area of personal data protection has been stepped up, together with an increase in penalties for offenders. The GDPR has been in force since 2018 with a view to establishing rules for personal data processing in the European Union. In order to collect and process personal data, individual entities (data controllers) must demonstrate a clear legal basis for their activities. Failure to do so constitutes a GDPR violation.
In the event of a data breach, entities are required to notify the competent authorities within 72 hours. In 2021, regulatory authorities registered almost 360 data breaches per day, which represents an 8% increase compared to the year before. A failure to comply with the notification requirements can result in a fine of EUR 20 million or up to 4% of annual global revenues, whichever is higher.
In contrast to the global development in the number of notified GDPR violations, the trend is quite different in the Czech Republic, with a 14% decrease in 2021 compared to the year before. “Only” 311 cases were registered in the Czech Republic in 2021. The Czech Republic currently holds the second-lowest rank in the European Union in terms of the number of notifications. Since the Regulation came into force, the Czech Republic has registered 1,272 notifications of GDPR violations and the amount of fines has exceeded CZK 10 million.