Top 10 GDPR breaches of 2019 cost £345m in fines

The ten most serious GDPR breaches this year led to a total £345m in fines, with the three highest penalties making up almost 90% of the total. This is according to research from, which is warning organisations to protect consumer information to the letter.

Setting the tone for future penalties, the Information Commissioner’s Office in July of this year announced its intention to fine British Airways £183.39m for infringements of the General Data Protection Regulation, following a cyber incident notified by the airline in September 2018 that affected the personal and payment information of up to half a million BA customers.

Later that week, the ICO announced that Marriott International may be looking at a fine of over £99m for infringements of the new data rules, in an incident that exposed around 339 million guest records, and putting an end to any doubt around how seriously the watchdog is taking the issue of data privacy.

And with £44m in fines, Google ranked third on the list of the highest data breach penalties in 2019, a penalty imposed by France's data protection regulator, CNIL following the tech giant’s failure to provide enough information to users about its data consent policies.

Since May 2018, all the European data protection authorities have received a combined 90,000 breach notifications.

    Share Story:

Recent Stories