Enormous fines imposed for data breaches in 2019 prove that regulators have become severe about penalizing companies and organizations that don’t adequately protect consumer information. According to PreciseSecurity.com research, the ten most significant GDPR breaches in 2019 have caused €402.6m fines in total. The three highest data breach penalties in 2019 make nearly 90% of this sizeable amount.
Top three data breach penalties in 2019 reach €365m
In July 2019, British Airways was fined a record €204.6% for a data breach, which is the highest data breach penalty in the world so far. The UK’s data protection authority, ICO, fined the British airline after the Magecart group used card skimming to collect the personal and payment information of up to half a million their customers.
The second highest data breach penalty of €204.6m relates to a cyber incident notified to the ICO by American multinational company Marriott International,in November 2018. The event caused exposure of approximately 339m guest records, of which 30m connected to residents of 31 European countries and another 7m to UK citizens.
With €50m worth financial fine, Google ranked third on the list of the highest data breach penalties in 2019. The fine imposed by France’s data protection regulator, CNIL, was issued because Google failed to provide enough information to users about its data consent policies. The tech giant also didn’t give them enough control in using their information. The top three highest data breach penalties in 2019 have caused a financial cost of nearly €365m.
More than 90,000 data breach notifications
When personal data for which a company is responsible are inadvertently revealed, that firm is obligated to report an incident to the national data protection authority within 72-hours of finding out about the event.
Since May 2018, all European data protection authorities have received more than 90,000 data breach notifications. Depending on the seriousness of the breach, the GDPR delivers them the power to impose fines of up to 4 % of an institution’s annual turnover.