Top 10 GDPR breaches of 2019 cost £345m in fines

The ten most serious GDPR breaches this year led to a total £345m in fines, with the three highest penalties making up almost 90% of the total. This is according to research from, which is warning organisations to protect consumer information to the letter.

Setting the tone for future penalties, the Information Commissioner’s Office in July of this year announced its intention to fine British Airways £183.39m for infringements of the General Data Protection Regulation, following a cyber incident notified by the airline in September 2018 that affected the personal and payment information of up to half a million BA customers.

Later that week, the ICO announced that Marriott International may be looking at a fine of over £99m for infringements of the new data rules, in an incident that exposed around 339 million guest records, and putting an end to any doubt around how seriously the watchdog is taking the issue of data privacy.

And with £44m in fines, Google ranked third on the list of the highest data breach penalties in 2019, a penalty imposed by France's data protection regulator, CNIL following the tech giant’s failure to provide enough information to users about its data consent policies.

Since May 2018, all the European data protection authorities have received a combined 90,000 breach notifications.

    Share Story:

Recent Stories

Your people and the pandemic: Are you doing enough?
Employee health, well-being and security have always been a vital part of risk management, and as organisations seek ways to ensure a smooth, successful and sustainable return to operations amid the evolving environment, careful consideration has to be given to all these areas, and quickly. Published August 2020

Responding to COVID-19: A safe and secure return to work
Learn more from the experts that worked on the recovery of the Diamond Princess. Published July 2020