Top ten GDPR breaches in 2019 cause €402.6m fines
Enormous fines imposed for data breaches in 2019 prove that regulators have become severe about penalising companies and organisations that don't adequately protect consumer information. According to PreciseSecurity.com research, the ten most significant GDPR breaches in 2019 have caused €402.6 million fines in total. The three highest data breach penalties in 2019 make nearly 90% of this sizeable amount.
Top three data breach penalties in 2019
In July 2019, British Airways was fined a record €204.6 million for a data breach, which is the highest data breach penalty in the world so far. The UK's data protection authority, ICO, fined the British airline after the Magecart group used card skimming to collect the personal and payment information of up to half a million their customers.
The second highest data breach penalty of €204.6 million relates to a cyber incident notified to the ICO by American multinational company Marriott International, in November 2018. The event caused exposure of approximately 339 million guest records, of which 30 million connected to residents of 31 European countries and another seven million to UK citizens.
With €50 million worth financial fine, Google ranked third on the list of the highest data breach penalties in 2019. The fine imposed by France's data protection regulator, CNIL, was issued because Google failed to provide enough information to users about its data consent policies. The tech giant also didn't give them enough control in using their information. The top three highest data breach penalties in 2019 have caused a financial cost of nearly €365 million.
More than 90,000 data breach notifications
When personal data for which a company is responsible are inadvertently revealed, that firm is obligated to report an incident to the national data protection authority within 72 hours of finding out about the event.
Since May 2018, all European data protection authorities have received more than 90,000 data breach notifications. Depending on the seriousness of the breach, the GDPR delivers them the power to impose fines of up to four percent of an institution's annual turnover.