Lexis®Library update: Using publicly available data from national Data Protection Authorities (DPAs), alongside fines not in the public domain uncovered by MLex journalists, the report found that in 2021, GDPR fines amounted to €1.07bn, up from €182m in 2020, with Big Tech being responsible for the most GDPR fine amounts (76% at the end of June 2022). The report also considers the Digital Services Act and the Digital Markets Act, passed in 2022 and due to take effect in early 2024, and the lessons that these can extract from the GDPR.
The report also notes that of the 1,473 fines issued between May 2018 and June 2022, 887 fines were imposed for breaches of Article 5 of the GDPR, with Articles 6 (481 fines) and 32 (256 fines) being the second and third most commonly cited articles in fines.
The majority of fines were issued by the Spanish Data Protection Authority, reaching 474 fines since the coming into force of the GDPR, totalling €56.7m, while no fines were issued in Estonia and Slovenia.
MLex also highlighted that 23 out of the 30 DPAs reviewed stated that they did not have enough budget to carry out their activities.
A special edition of the MLex Podcast has also been published alongside the report, discussing the report’s key themes.
Source: Is the GDPR doing its job?
This content was first published by LNB News / Lexis®Library, a LexisNexis® company, on 21 September 2022 and is published with permission. Further information can be found at: www.lexisnexis.co.uk