GDPR fines found to vary wildly across EU

Regulatory activity under the European Union’s General Data Protection Regulation certainly increased during 2019, but not quite to the ‘mega-fine’ degree that was expected. The most notable outcome from a year with the GDPR was instead the considerable variance in penalties issued by different regulators throughout the bloc.

This is the key finding from insurer Beazley’s latest Breach Insights Report, which analyses the actions of data protection regulators across the EU and the impact on organisations which, while based elsewhere, are still subject to the rules through their business structure or customer base.

Fines handed out by the Information Commissioner’s Office in the UK have been rare compared with those issued by other European regulators, which have been considerably more active, with Belgium, Bulgaria, France, Germany, Greece, Hungary, Italy, Lithuania, Netherlands, Norway, Poland, Romania, Spain and Sweden particularly active.

Head of Beazley Breach Response Services, Katherine Keefe commented: “The extraterritorial provisions within the GDPR means organisations in the US and other non-EU territories may be subject to the GDPR due to having either customers or offices in countries subject to the rules.

“It is, therefore, all the more important that they track the enforcement developments to understand how they could be affected. Knowing how to manage and report a cyber breach helps organisations to both prevent and recover from an incident and avoid a sizeable fine if the breach is mishandled.”

    Share Story:

Recent Stories


Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021

Manufacturing: An industry at risk amid great technological change
Of the many sectors of business, manufacturing companies are among the most at risk from cyber threats. How has the sector evolved to make it so vulnerable and what does the task of managing cyber exposure in a manufacturing company look like? CIR’s latest podcast with Tokio Marine HCC sought to answer all these questions and more. Published April 2021

Advertisement