The biggest GDPR fines of 2020


Google was handed a penalty of $56.6 million (€50 million) in March 2020 by the French data watchdog for failing to provide transparent information to users about its rules and regulations pertaining to data collection related to its products and services.

H&M Germany had to face a penalty of $41 million (€35 million) for fraudulently keeping watch on hundreds of its employees for reasons. For instance, as soon as employees who had taken sick leave were about to join the office, they were asked to attend a return-to-work meeting that was recorded, and the video was passed on to over 50 H&M managers to get at least 50% of their consent for attending the office again.

Telecom Italia, aka TIM, was also hit by a GDPR fine of $31.5 million (€27.8 million). The penalty was imposed by the Italian Data Protection Authority for indulging in extreme marketing techniques that involved unsolicited calls, messages and emails.

British Airways was slapped with a fine of $26 million (€21.8 million) for failing to protect the data of its 400,000 customers, which also involved 40,000 British citizens. The details found to have been accessed by hackers were login info, payment card info, names, addresses and some passport details. Note: the airline was originally slapped with a $238 million penalty for the data breach, which took place in 2018. But as the airline business is down due to the coronavirus lockdown, the penalty was reduced by the Information Commissioner's Office.

Marriott was slapped with a penalty of $123 million for failing to protect the information of its 382 million customers, including names, passport numbers, payment card details and addresses, along with some flight reservation data. But the fine was lowered to $23.8 million (€20.3 million) as the hotel chain's business was negatively impacted by the worldwide lockdown.

Note: observed carefully, most of the GDPR fines were pronounced for indulging in extreme marketing tactics, failing to remove personal information when requested by online service users in Europe, unlawful collection of employees' personal information by their employers, and failing to protect customer or client data from access by hackers.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security.
