The last few months have seen the reporting of some very significant fines against well-known businesses for breaching the General Data Protection Regulation.
The first big one was issued by the National Data Protection Commission in the UK when the Information Commissioner’s Office issued notices of intent or fines against British Airways PLC for 205 million Euros and Marriott International Inc for 110 million Euros. And in Bulgaria, the Commission for Personal Data Protection Fined its National Revenue Agency for 2.6 million Euros.
It is anticipated these will be followed by decisions of the German regulator, which is contemplating another multimillion fine against a presently unnamed company, with other similar cases pending in the UK and Ireland.
Clearly, the regulators across Europe are beginning to flex their enforcement muscles with the supervisory authorities of 13 different European Union countries appearing in the top 20 list of fines being issued.