The European Union’s overhaul of data privacy regulation is estimated to have generated 114 million euros ($126 million) in fines since it was introduced almost two years ago.
Since its implementation in May 2018, the General Data Protection Regulation (GDPR) led to over 160,000 data breach notifications across Europe, according to research from multinational law firm DLA Piper.
Ross McKean, a partner at DLA Piper specializing in cyber and data protection, said his firm’s findings showed “we’re still in the very early days” of enforcement. It’s been roughly 20 months since the EU’s new rules were introduced.
“It’s not a huge surprise that we’re seeing a slow start to fines, but there’s more to come,” McKean told CNBC in an interview.
The biggest fine under GDPR to date was a penalty dished out by the French data protection regulator. The CNIL fined Google 50 million euros last year for alleged infringements of GDPR. Those infringements were related to transparency and a lack of valid consent, rather than a data breach.