Jonathan Compton, UK compliance attorney and partner at DMH Stallard, has said that the Virgin Media group could be sanctioned with the highest possible financial sanctions under GDPR. Medical records are really the most sensitive … If the ICO proceeds to fine BA, it is likely to top the current record fine under the GDPR, which stands at €50 million (approximately $57 million). ‘victims’ for unlawful data protection practices. An important takeaway from the recent ICO decision to reduce the fine for British Airways is that regulators are adjusting to the special circumstances of the current global situation. In 2018 the UK Information Commissioner’s Office fined Equifax and Facebook for data failures under the pre-GDPR Data Protection Act, in which the highest possible fine … as the nations with the most punishable incidents. The maximum GDPR fine is reserved for serious infringement and non-compliance, and is the greater of €20 million or 4% of a company’s global annual turnover. What was announced as the biggest GDPR fine ever set in the UK ended up being reduced to £20 million, in the light of the recent COVID-19 pandemic and the effect it had on the airline industry. This is the biggest GDPR fine to this date, issued for violation of: • Information to be provided where personal data are collected from the data subject – Article 13, • Information to be provided where personal data have not been obtained from the data subject – Article 14, • Lawfulness of processing – Article 6, • and Principles relating to the processing of personal data – Article 5. On 21 January 2019, the French National Commission on Informatics and Liberty, or CNIL, fined Google €50 million.
In July 2019, the ICO initially announced its intention to issue a fine of €204,6 million (£183.39 million) to British Airways for violation of Article 31 of the GDPR. January 15, 2020, was a critical day for Italian telecommunications operator TIM. The following is a non-exhaustive list of GDPR provisions which, if infringed, may attract a top level fine: 28 EU nations, including the now Brexited United Kingdom, has issued at least However, by the end of 2020, Italy has issued almost €70 million in fines, showing that the Italian Garante is ready to tackle serious GDPR violations with high penalties, leaving behind Germany, France, and the UK. Deutsche Wohnen SE (14.5M Euros) In October 2019, the largest GDPR fine was issued against a real estate company, Deutsche Wohnen SE, by the Berlin Commissioner for Data Protection and Freedom of Information. The GDPR states explicitly that some violations are more severe than others. Despite the 160 something thousand violations reported to the data protection authorities. The largest GDPR fine to date was issued by French authorities to Google in January 2019. The Hamburg Commissioner for Data Protection and Freedom of Information (BfDI) issued a €35,3 (or $41,5) million fine to Swedish retail conglomerate Hennes & Mauritz – H&M, for the violation of the General Data Protection Regulation (GDPR). After more than a year, there is finally a conclusion to the ICO investigation: the fine is settled from a massive £99 million to £18,4 million.
The case is pretty interesting since the company collected sensitive personal data of its employees through whispering campaigns, gossip, and other sources to create profiles of employees and used that data in the employment process. This list focuses on major fines of at least €100,000. British Airways – €22 000 000. member state legislates independently and is permitted to interpret the They have contacted non-customers multiple times (certain numbers over 150 times per month) without proper consent or other legal bases. Non-compliance with the GDPR may result in fines. (After the Brexit transition period ends on 31 December 2020, the UK GDPR and DPA (Data Protection Act) 2018 will mandate a maximum fine of £17.5 million or 4% of annual global turnover.) The rough amount of all GDPR fines issued so far is currently a little bit over €220 million, which is not a staggering number, and that is if we include the recent Marriott and British Airways fines. Research from the beginning of the year by DLA Piper, the GDPR data breach survey January 2020, reported there had been 160,921 personal data breaches within the EEA, from May 25, 2018, up until January 2020. Some companies narrowly avoided a GDPR-scale fine, as their data incident occurred prior to GDPR's implementation date. On October 30, 2020, the ICO issued a penalty notice explaining their decision. It is important to note that these figures are the maximum figures.
It’s the biggest GDPR-related fine so far – by far, and the UK’s data protection body – the Information Commissioner’s Office (ICO) – imposed it based on 1.5 percent of BA’s 2017 worldwide revenue. The EU GDPR (General Data Protection Regulation) sets a maximum fine of €20 million (about £18 million) or 4% of annual global turnover – whichever is greater – for infringements. There will be two levels of fines based on the GDPR. The issue became public after a technical error: the data on the company’s network drive was accessible to everyone in the company for a few hours, and the press picked up the news, making the Commissioner aware of the violation. The Italian DPA Garante issued a €27,8 million GDPR fine for quite an extensive list of violations. With revenue in excess of $4 billion for 2012, Yahoo would have faced millions of dollars in fines if GDPR had been in place—$80 million … breaks down the nations with the highest fines and those with the most fines as The report The Hamburg Commissioner for Data Protection and Freedom of Information ("Hamburg DPA") imposed a 35.5 million Euro fine on a global fashion company's subsidiary in Germany for violations of the GDPR. The fine was related to the cyber attack in which personal data of over 339 million guest records were exposed. Since the enforcement of the General Data Protection Regulation (GDPR) in May 2018, the UK has reported the highest amount of fines issued for … What remains to be seen is whether other data protection authorities will follow. In July 2019, ICO issued an intent to fine Marriott International more than £99 million for infringements of the GDPR. The fine was therefore issued on account of a lack of transparency on how the data were harvested from data subjects and used for ad targeting. GDPR does not have a fixed formula to precisely calculate the GDPR fine to be issued given a non-compliance situation.
This million Euro fine is the highest fine known in Germany so far. The less severe infringements could result in a fine of up to €10 million, or 2% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is … Filip is an experienced writer with over a decade of practice in the technology realm. Marriott International exposed itself to the cyber-attack after the acquisition of the Starwood hotels group. two years can access the full research here. The ICO concluded that Marriott failed to undertake sufficient due diligence after the acquisition and should have implemented appropriate security measures. The fine is the highest GDPR penalty levied in Germany since the legislation came into force in 2018, and the second highest of its kind throughout the continent. According to It also In 2020, Marriott suffered another data breach, this time affecting 5.2 million individuals. interested in learning more about the fines dealt under the GDPR in the past one penalty under the new data protection legislature. The personal data included medical records, including diagnoses and symptoms of the illness, as well as private details about vacation and family affairs. The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher. The true impact of GDPR fines The impact that a significant GDPR fine can have on a firm's bottom line can be devastating, even for some of the world's biggest companies. break the law,” according to PrivacyAffairs. The activities involved: improper management of consent lists, excessive data retention, data breaches, lack of proper consent, violation of GDPR rights.
report tallying fines issued under the 2018 General Data Protection Regulation It also lists the countries where the highest fines were dealt, as well Interestingly, both the smallest and the biggest fines to this date were issued to Google. Under the GDPR, the ICO can impose fines of up to 20 million Euros or 4% of group worldwide turnover (whichever is greater) against both data controllers and data processors. PrivacyAffairs, Supervisory authorities will have the scope to impose fines of a lower amount, or take a range of actions such as: While it's too soon to know whether the tides are changing around GDPR fines, the fact that this is the second highest fine levied since the regulation's inception in 2018 shows that securing privacy of individuals, especially employees, is still critical for regulators. According to Netzpolitik.org, this is the highest GDPR fine ever imposed in Germany.
GDPR Fines Tracker by PrivacyAffairs France tops the list of highest fines because of a €50 million fine issued by French authorities to Google in January 2019 on the basis of “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation.” The largest and highest GDPR fines. Major GDPR fine count: 2020: 20; 2019: 29; 2018: 1; Total: 50; Major GDPR fine total in Euros (approximate due to currency conversion): 2020: €155,647,736; 2019: €112,915,407; 2018: €400,000; Total: €268,963,143; 2020 Major GDPR Fines October, 2020 regulations differently and impose their own penalties to organisations that Portugal – Centro Hospitalar Barreiro Montijo hospital. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. At this point, you have probably heard Google’s cautionary tale. penalty issued to an individual in Spain for unlawful video surveillance of Of the 290 companies found to have breached GDPR in some shape or form, the largest fine has been levelled at Google. According to the ICO official statement “…investigation found the airline was processing a significant amount of personal data without adequate security measures in place. As the DLA Piper report states: “Supervisory authorities across Europe have been staffing up their enforcement teams and getting to grips with the new regime.” This would mean either 4% of global turnover or €20 million, whichever figure is greater. The second highest number of fines comes from Romania. Out of those 339 million individuals, 31 million were residents of the EEA. A fine of €20 million or 4% of annual turnover will be a significant amount for any company to have to pay.
The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher. (GDPR). In January of 2019, the French DPA, the CNIL, fined the tech giant €50 million for violating the requirements of the GDPR. This failure broke data protection law and, subsequently, BA was the subject of a cyber-attack during 2018, which it did not detect for more than two months.” The company had inadequate security mechanisms to prevent such cyber-attacks from happening. review. also tracks the highest fines issued to private individuals, including a €20,000 In those few months, the British Airways website diverted users’ traffic to a hacker website, which resulted in hackers stealing personal data of more than 400.000 customers. found secretly filming female players while they were taking showers. Numerous individual violations of data protection law are now showing their effects: The Berlin Commissioner for Data Protection and Freedom of Information has imposed fines in excess of €195,407, including fees, on Delivery Hero Deutschland GmbH. Since the report, the numbers have gone up.
Both Equifax and Facebook received the maximum fine possible - … Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of: The basic principles for processing, including conditions for consent, under Articles 5, 6, 7, and 9; the data subjects’ rights under Articles 12-22. Since we don’t want to repeat ourselves (too much), you can read more about GDPR fines in general in our glossary. employees and an €11,000 penalty issued to a soccer coach in Austria who was “Whilst GDPR The scope of their illegal activities is hard to ignore.
The report mentions a €2,500 fine issued to a Germany resident who sent emails to several Office, totaling over €640,000. Two potentially massive fines, for Marriott The highest fine can get to €20 million or 4% of the annual revenue of the company. The personal information included name, surname or company name; tax code or VAT number; telephone line; address; contact details. Following the first major GDPR-related financial penalty against internet giant Google, the world seems to have been waiting with bated breath for the next major fine to dwarf the €50 million (U.S. $56.3 million) France’s data regulator meted out in January. This is the up to date and current list of biggest GDPR fines so far, but the list is constantly changing, indicating a lot of activity from data protection authorities. follows: France tops the list of highest fines because of a €50 million fine issued by French authorities to Google in January 2019 on the basis of “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation.” By contrast, the smallest fine to date under the GDPR is a €90 penalty issued to a Hungarian hospital on November 18, 2019. The report continues with the highest GDPR fines among EU member states, with France, Austria, and Germany as leading countries that issued the biggest GDPR fines so far, but with mostly one big penalty. The higher maximum amount is 20 million Euros (or equivalent in sterling) or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher. The ICO also recognizes the steps taken by Marriott following discovery of the incident to promptly inform and protect the interests of its guests.”
The ICO stated that a “variety of information was compromised by poor security arrangements at the company, including login, payment card, and travel booking details as well name and address information.” To be fair, Germany had two multimillion fines topping a little over €24 million (€9.55 million GDPR fine for 1&1 Telecom and €14.5 million GDPR fine to Deutsche Wohnen SE). On top of the mentioned maximum GDPR fines a second level of fines (10 million euros or two percent of global annual turnover) is foreseen, which means that the GDPR differentiates. Google failed to provide enough information to users about consent policies and did not give them enough control over how their personal data is processed. Google and the GDPR: The Highest Data Protection Fine Yet. However, the total amount of issued GDPR fines does not really follow those numbers. A few million individuals were affected by their aggressive marketing strategy. Any company, residing in the EU or not, must achieve GDPR compliance when handling (even in passing) the data of EU citizens and organizations. Marriott remains committed to the privacy and security of its guests’ information and continues to make significant investments in security measures for its systems, as the ICO recognizes. This was a fine of €50,000,000 issued to … The highest of the two rates applies. the research firm, since its rollout in May 2018, the GDPR has claimed 340 According to GDPR law, the maximum fine is 4% of the company’s annual turnover, which is an estimated €22 billion for H&M. The report notes that every single one of the recipients where each could see the other recipients’ email addresses.
Violators of GDPR may be fined up to €20 million, or up to 4% of the annual worldwide … sets out the regulatory framework that all EU countries must follow, each EU countries by number of GDPR fines. a leading source of data privacy and cybersecurity research, has issued a What is the higher maximum? There are also some GDPR fines (7 in total) where the amounts were not made public, so we cannot include them. Marriott also commented on the decision on their official website, stating: “Marriott deeply regrets the incident. If we look at the activity of all EU data protection authorities, head and shoulders above everybody is the Spanish Data Protection Authority (AEPD) with 158 fines, starting from €540, with the highest fine in the amount of €125 000; altogether, AEPD issued over €3,85 million in fines. Whether BA succeeds in appealing the level of the fine or not remains to be seen, but this is huge news on every level. organizations have been issued seven fines by the Information Commissioner’s Filip currently serves as Information Security Analyst with Bitdefender. Before we jump over to the fines, a quick recap; there are two levels of GDPR fines: • the lower level is up to €10 million, or 2% of the worldwide annual revenue from the previous year, whichever is higher • the upper level is twice that size or €20 million and 4% of the worldwide annual revenue. What is the maximum GDPR fine? This could be a landmark case, and … The higher tier carries potential fines of up to 20 million, or 4% of global annual turnover, whichever is higher. The incident occurred in July 2018 but was only discovered in September 2018. In their penalty notice, the ICO explains the reasons behind the decision, taking into account a range of mitigating factors and the impact of the Covid-19 pandemic.
International (€204,600,000) and British Airways (€110,390,200) are still under