Nearly €1.1 billion in fines have been imposed for a wide range of infringements of Europe's General Data Protection Regulation, a new survey shows today.
This represents a 594% annual increase in fines imposed since January 2021, according to international law firm DLA Piper's latest annual General Data Protection Regulation (GDPR) fines and data breach survey.
A total of 6,802 data breaches were reported to the Irish Data Protection Commission in the past 12 months, the survey shows.
Ireland recorded the sixth highest level of breach notifications across Europe and fourth highest on a per capita basis.
The survey shows that Luxembourg, Ireland and France top the rankings for the highest individual fines - €746m, €225m and €50m respectively.
Luxembourg and Ireland have each imposed record breaking fines moving them from the bottom to the top of the league tables.
John Magee, Partner and Head of Data Protection & Information Security at DLA Piper Ireland, said it is four years since the implementation of GDPR and we are now seeing significant fines imposed for a wide range of infringements of Europe's rigorous data protection laws.
"This year, regulators have issued record fines surpassing €1 billion and Ireland now ranks second overall for total fines to date, demonstrating the significant position and influence of the Data Protection Commission (DPC) in the EU," Mr Magee said.
"Given that Ireland is home to some of the world's largest-data businesses there is no doubt that the DPC will continue to play a central role in the enforcement of GDPR in Europe," he added.
DLP Piper said that while the increase in fines may be significant, the judgment of Europe's highest court in Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems in July 2020 known as "Schrems II" continues to be the top data protection compliance challenge for many organisations caught by GDPR.
"The Schrems II judgment has effectively shifted the problem and burden of a fundamental conflict of laws from the politicians and lawmakers to individual data exporters and importers. Meeting the requirements of Schrems II is a challenge even for the most sophisticated and well-resourced organisations," Mr Magee said.