New analysis from Exonar has revealed that organisations across Europe have suffered GDPR fines to the tune of £313m* for two key reasons:
1. Failing to have appropriate security in place
2. Storing unsecured data.
So far, 50 penalties totalling £482m* have been issued under GDPR, with the vast majority (almost 65%) down to these two key issues. To see at a glance how the fines break down, see our infographic below.
Exonar’s analysis shows that 39% of GDPR-related fines were the result of insufficient security, with affected companies including British Airways, Active Assurances and DSK Bank. These fines have totalled £188,865,900 to date. (As at 16th October 2020, the ICO reduced British Airways' fine to £20m, a reduction of £163m from the original fine.)
Unsecured and over-retained data was responsible for 26% of GDPR breach penalties totalling £123,663,350, from high-profile organisations such as Marriott, as well as Deutsche Wohnen and 1&1 Telecom. (Marriott's fine was similarly reduced by the ICO to £18.4m, an 81% reduction.)
Unlawful use of personally identifiable information (PII) and failure to comply with Data Subject Access Requests (DSAR), such as in the case of Vodafone and Google, were responsible for 19% of fines totalling £92,055,300. The remaining 16% totalled £77,135,050 and comprised a range of issues, such as Uber’s failure to report a breach fast enough, Unicredit’s incorrect sharing of data and H&M’s massive £32m fine this month for unlawful use of employee data.
“Many organisations simply don’t know what data they’ve got, or how much over-retained data they hold because it is no longer visible. Dark data like this is a point of weakness in any organisation – and in order to fully secure the data, organisations need to first get a clear understanding of what data they hold.”
Danny Reeves, CEO, Exonar
* This is the original fine total. Since then, two major fines for BA and Marriott have been massively reduced as of October 2020.