Since the General Data Protection Regulation (GDPR) took effect in 2018, European regulators have imposed roughly $126 million in fines.
That’s according to a new report from global law firm DLA Piper, which found the GDPR has so far resulted in more than 160,000 data breach notifications in Europe alone.
Since the GDPR went into effect, the comprehensive European data law has threatened a number of U.S. tech titans with significant fines.
For example, after a security breach that affected roughly 50 million Facebook accounts in late 2018, European regulators reportedly threatened the company with more than $1 billion in fines.
However, the highest GDPR fine was approximately $55 million -- imposed by the French data protection regulator on Google for alleged infringements of the transparency principle and lack of valid consent.
Of note, data-breach notifications appear to be on the rise, according to Ross McKean, a partner at DLA Piper specializing in cyber and data protections.
“The rate of breach notification has increased by over 12% compared to last year’s report,” McKean remarks in the latest report. In part, McKean attributes the rise to regulators’ expanding arsenal of powers to sanction and fine companies.
To date, McKean also believes regulators have been fairly restrained.
“The total amount of fines of [$126 million] imposed to date is relatively low compared to the potential maximum fines that can be imposed under GDPR, indicating that we are still in the early days of enforcement.”
Looking ahead, McKean said he and his colleagues expect to see momentum build with more multimillion Euro fines being imposed in the coming year as regulators ramp up enforcement activity.