Report shows Ireland has imposed the highest-ever single GDPR fine
Global law firm DLA Piper has released the findings of its annual General Data Protection Regulation (GDPR) and data breach study, offering insights into Europe's enforcement and compliance landscape.
The report analyzed the cumulative fines imposed since the GDPR came into effect on May 25, 2018, and ranked countries based on the fines issued in 2023. Ireland has emerged as the leading country regarding the total value of GDPR fines, a position it has held since the regulation's inception.
This year, Ireland has also set a new record by imposing the highest-ever single GDPR fine, surpassing Luxembourg's previous record. The report placed Austria in tenth for the total fines, amounting to under € 25 million, and fourteenth in the number of data protection violations, with 1,062 incidents reported.
The GDPR, which aims to give individuals control over their personal data and simplify the international business regulatory environment, has seen significant enforcement actions across Europe, DLA Piper reported. Furthermore, according to the firm, Ireland's position as a tech hub for Europe contributes to its high volume of GDPR fines, with sanctions totalling € 2.86 billion since GDPR enforcement began.
The report highlighted the € 1.2 billion fine against Meta in Ireland as the highest ever, emphasizing the European supervisory authorities' continued focus on the GDPR's restrictions on transferring personal data to third countries.
Germany reported the highest number of data breaches, followed by the Netherlands and Poland, with approximately 32,000 incidents. Austria reported around 1,000 breaches, placing it in the middle of the pack.
Key findings from the DLA Piper study include:
- European data protection authorities imposed fines totalling € 1.78 billion in 2023, marking a 14 percent increase from the previous year.
- The largest fines predominantly targeted global companies in the social media and big tech sectors.
- The most common reason for fines across analyzed countries was non-compliance with the GDPR's basic principles.
- An average of 335 breaches were reported daily in 2023, maintaining the high level of security breach reports from the previous year.
"The risks for companies of non-compliance with the GDPR are considerable. The results of the study make it clear that targeted risk management and data protection compliance are also highly relevant for Austrian companies to prevent sanctions in the event of violations," said Sabine Fehringer, partner and IT/IP country head of DLA Piper Vienna.
The DLA Piper GDPR and data breach report covers all 27 European Union member states and the United Kingdom, Norway, Iceland, and Liechtenstein, providing a benchmark for GDPR enforcement and compliance across Europe.