New analysis from data discovery firm Exonar revealed that organizations across Europe have suffered over £313 million (US$404 million) in GDPR fines for failing to protect customers’ and employees’ private data and not having appropriate cybersecurity in place. Exonar claimed that 50 penalties totaling £482 million (US$622 million) have been issued under GDPR so far, of which 65% were mainly due to two key issues: insufficient security and storing unsecured data.
Nearly 39% of GDPR fines were due to insufficient security measures, affecting companies including British Airways, Active Assurances, and DSK Bank and totaling £188,865,900 (US$243,727,981) to date. Storing unsecured data was responsible for 26% of fines, totaling £123,663,350 (US$159,562,925) and affecting high-profile organizations including Marriott, Deutsche Wohnen, and 1&1 Telecom.
In addition, illicit use of personally identifiable information (PII) and failing to comply with Data Subject Access Requests (DSAR) were responsible for 19% of fines, totaling £92,055,300 (US$118,774,866). The remaining 16% of fines, totaling £77,135,050 (US$99,540,611), were due to various issues such as Uber’s failure to report a breach fast enough, Unicredit’s incorrect sharing of data, and H&M’s massive €35.2 million (US$41.1 million) fine this month for unlawful use of employee data.
Exonar’s CEO, Danny Reeves, said, “Nearly 65% of GDPR fines were caused because of insufficient security and storing unsecured data. Securing your data first can play a vital role in not only meeting GDPR standards but also help mitigate the risk of the insufficient security – as it will be harder for hackers to access any data in the event of a breach.” Reeves continued, “Many organizations simply do not know what data they have got, or how much over-retained data they hold because it is no longer visible. Dark data like this is a point of weakness in any organization – and in order to fully secure the data, organizations need to first get a clear understanding of what data they hold.”