Home > Technology > Finance sector has received the most GDPR fines to date

Finance sector has received the most GDPR fines to date

Written by Robert McHugh, on 19th Sep 2019. Posted in Technology

article headline

Leading audit, accountancy and advisory firm Mazars have published an analysis showing that of the GDPR fines administered to date across Europe, the finance sector has received 11 fines, significantly more than any other industry.

The majority of these fines were administered for breaches related to the processing of personal data.

The analysis also shows that of the 28 European countries with supervisory authorities examined, 8 countries have yet to administer fines. The countries include Ireland, Croatia, Estonia, Finland, Luxemburg Switzerland, Slovakia and Slovenia. However, penalties related to ongoing Irish investigations are expected in the near future.

Since the introduction of GDPR in May 2018, there have been a total of 68 fines across 20 European countries with supervisory authorities. The Czech Republic, Germany and Hungary have administered the most fines with 9 each.

The analysis showed that 40% of the countries that had issued fines had administered only 1 fine – these being Belgium, Greece, Italy, Lithuania, Malta, Netherlands, Portugal and Sweden.

Of the fines administered, the finance sector received 11 fines, significantly more than any other. This was followed by professional services with 7, followed by the public sector with 5 and healthcare, hospitality, technology and telecommunications, all of which received 4 fines each. Interestingly 4 fines were administered to private citizens and a large cohort of fines (17) could not be categorised by sector as their details were not publically available.

Most fines (41) were administered for violations of Article 5 – ‘Principles relating to the processing of personal data’ followed by 23 fines for breach of Article 6 – ‘Lawfulness of processing’. It is also noteworthy that 3 fines have been administered for Articles 33 ‘Notification of a personal data breach to the supervisory authority’ and 1 for Article 34 ‘Communication of a personal data breach to the data subject’.

This highlights that while an organisation may implement strong controls to protect personal data in the event of a security incident, which may prevent them from being fined, organisations may still be liable for fines if they fail to follow protocol about a notification.

While the most number of fines (41) were noted for Article 5 ‘Principles relating to processing of personal data’, the average fine administered was €.34m. This contrasts with breaches of Article 32 ‘Security of data processing’ with 15 companies fined on average a staggering €21m. A total of 3 organisations in breach of Article 14 ‘Information to be provided where personal data have not been obtained from the subject’ received an average fine of €4.2m.

The analysis also showed that 23 organisations were fined on average €.55m for breach of Article 6 ‘Lawfulness of processing. Finally, 7 fines were administered for breaches of Article 13 ‘The right to be informed’ with an average penalty of €1.8m.

Commenting on the analysis, Partner with Mazars Ireland, Liam McKenna said, "Our analysis shows that issues around the processing of personal data have to date been the most prevalent but given the regulations are only just over a year old, this pattern may change as organisations become more familiar with their responsibilities. With the Irish Data Protection Commissioner set to administer fines in the future, it will be interesting to note the sectors impacted and most common violations fined and how they compare to other European countries."

Source: www.businessworld.ie

More articles from Technology

image Description

Generative AI adoption rates on the increase in Irish workplaces

Read more
image Description

63% of businesses in Ireland to increase AI spend in 2024

Read more
image Description

New AI Accelerator Programme for Start-Ups at UCD

Read more
image Description

Invert Robotics secures €2.5m investment

Read more
image Description

Google expands its Local Employment Task Force in Ireland

Read more