2 August 2019

High fines for GDPR infringements. Map of financial penalties in Europe.


Fourteen months after the general data protection regulation (GDPR) entered into force, the European Commission has announced its first conclusions. The recently published report stated that the new regulation has been positive for European citizens, providing them with effective tools to ensure control over their personal data.

How does Poland look in the light of the above conclusions?

Poland recorded 4.5 thousand complaints concerning GDPR infringements, one of the highest figures in Europe. Complaints to the Personal Data Protection Office (UODO) usually concerned the following infringements:

  • sending paper and electronic correspondence containing personal data to unauthorised persons,
  • loss or theft of information from digital devices and carriers,
  • ineffective destruction of documents, resulting in the disclosure of confidential information.

To date, the President of the Personal Data Protection Office has issued 107 decisions and imposed 2 fines for GDPR infringements: nearly PLN 1 million for neglecting the information obligation, and nearly PLN 56,000 for publishing the personal data of football referees on a website.

How do other EU countries look by way of comparison?

In the European Union as a whole, there have been over 60 fines imposed in 14 EU Member States: Austria, Belgium, Bulgaria, Cyprus, Denmark, France, Lithuania, Germany, Hungary, United Kingdom, Italy, Malta, Poland and Portugal.

The greatest number of fines in the European Union were imposed for infringements of the following provisions:

  • Article 5 GDPR, i.e. personal data processing in contravention of the GDPR’s provisions,
  • Article 6 GDPR, i.e. personal data processing without any legal basis or on the basis of an incorrect legal basis, and
  • Article 32 GDPR, i.e. infringement of processing security.

Examples of fines in Europe:

United Kingdom

Two recent cases in the EU concerned fines that the British regulator has announced it intends to impose on two entities:

  • British Airways received notice from the regulator of its intention to impose a fine of nearly EUR 205 million for an infringement concerning its customers’ data in September 2018,
  • The Marriott hotel chain received notice from the regulator of its intention to impose a fine of over EUR 110 million for an infringement in November 2018.

France

Notable penalties include the fine of EUR 50 million imposed in France on Google for failure to adhere to the new regulations and failure to provide users with sufficient explanations and transparency regarding data transferred to advertisers.

Lithuania

Another example is the fine of EUR 61.5 thousand imposed in Lithuania on a FinTech company. The fine was imposed for failure to notify data subjects about the hacking of the company’s server. Additionally, during the investigation, the Lithuanian authority found irregularities regarding data processing and disclosure.

Germany

The German authority imposed a fine of EUR 80 thousand for publishing health-related data on the Internet.

Portugal

The Portuguese authorities imposed a fine of EUR 400 thousand on a hospital for allowing unauthorised access to the clinical data of its patients.

It is certainly too early to decide categorically whether or not the GDPR’s implementation has been a legislative success of the European Union. It is indisputable that, within the last twelve months, the implemented solutions have increased the awareness of data subjects concerning the processing of their personal data and have also increased the security of European Union citizens.

The fines are real and data protection within organisations is very important. The management bodies of companies are aware that they need to pay greater attention to compliance

    Aleksandra Cisoń-Kurdziel

    Associate