Analysis reveals two key reasons behind 65% of GDPR fines

New analysis from Exonar has revealed that organisations across Europe have suffered GDPR fines to the tune of £313m by failing to have appropriate security in place and storing unsecured data. So far 50 penalties totalling £482m* have been issued under GDPR, with the vast majority (almost 65%) down to these two key issues.

Exonar’s analysis shows that 39% of GDPR related fines were the result of insufficient security, with affected companies including British Airways, Active Assurances and DSK Bank. These fines have totalled £188,865,900 to date.

Unsecured and over-retained data was responsible for 26% of fines totalling £123,663,350, from high-profile organisations such as Marriott, as well as Deutsche Wohnen and 1&1 Telecom.

Unlawful use of personally identifiable information (PII) and failure to comply with Data Subject Access Requests (DSAR), such as in the case of Vodafone and Google, was responsible for 19% of fines totalling £92,055,300. The remaining 16% totalled £77,135,050 and comprised a range of issues, such as Uber’s failure to report a breach fast enough, Unicredit’s incorrect sharing of data and H&M’s massive £32m fine this month for unlawful use of employee data.

Exonar’s CEO, Danny Reeves, said: “Nearly 65% of GDPR fines were caused because of insufficient security and storing unsecured data. Securing your data first can play a vital role in not only meeting GDPR standards but also help mitigate the risk of the insufficient security – as it will be harder for hackers to access any data in the event of a breach.”

Reeves continued: “Many organisations simply don’t know what data they’ve got, or how much over-retained data they hold because it is no longer visible. Dark data like this is a point of weakness in any organisation – and in order to fully secure the data, organisations need to first get a clear understanding of what data they hold.”

Read the latest edition of PCR’s monthly magazine below:


Check Also

Cradlepoint’s new R1900 ruggedised router for vehicles with advanced IoT connectivity and edge computing

 Cradlepoint’s new R1900 Ruggedised 5G Edge Router is the first product to utilise Cradlepoint’s second-generation 5G …