Tsaaro, a leading data privacy and cyber security services provider revealed the key findings of its survey on the penalties under GDPR and its enforcement trends wherein the penalties imposed on the META platforms contribute 82.6% of the total fines. The Privacy Fines Report 2022 is the first of its kind that adopts a bird’s eye view of privacy fines and analyses them as a whole. For the purpose of the report, Tsaaro has analyzed approximately 500 fines & penalties that data protection authorities within the EU have imposed under the EU GDPR. Tsaaro also cautions Indian corporates of a similar leak in India which is currently not reported or assessed but with structures in place, India will be seeing a similar story in the EU.
Furthermore, the fines on privacy not only seek to rectify wrongs committed but also set a precedent for corporations as it depicts that privacy breaches are not to be taken lightly and non-compliance would put them in hot water with the authorities. With this initiative, Tsaaro Solutions with its first annual Report on Privacy Fines (2022) aims at being informational not just to consumers, but also to the corporations to whom the compliance measures of GDPR would apply.
Commenting on the same, Akarsh Singh, co-founder, and CEO of Tsaaro, said, “It is always extremely important for corporations and consumers to be acquainted from time to time with the facts and realities of the rapidly developing world which is taking place at the expense of personal data – a fact that is often hidden in plain sight. Our commitment to privacy is the cornerstone of what we do at Tsaaro and therefore the First Annual Tsaaro Report on GDPR Fines & the Privacy Landscape of 2022 is a product of the same commitment. “
Additionally, the report also takes an industry-specific approach to provide an overview of the industries with the maximum number of violations. It provides insight into the countries which topped the chart with the highest aggregate penalties; and throws light on the GDPR articles which were infringed on the most.
Key findings
-
82.6% (697 million) of the total fines account on the META platforms
-
Media, Telecom & Broadcasting Industry Accounted for about 86% of the total fines
-
In the Finance, Insurance & Consulting sectors, roughly 26% violated Article 5 of the GDPR
-
Nearly 29% of the penalized companies in the Transport & Energy sector violated Article 6 of the GDPR
-
Public Sector Entities & Educational Institutions were heavily penalized, contributing to about 10% of the total fines imposed
-
In 2018, there were 12 penalties with €500,000
-
In 4 years, the penalties increased to 166x times
-
In 2022, the penalties increased to 440 with €831,258,610
-
It is possible to be fined up to 20 million euros for particularly serious violations listed in Article 83(5) GDPR, or up to 4 of the preceding fiscal year’s total global turnover for undertakings
-
A lesser-severe violation is defined in Art. 83(4) GDPR as one that may result in a fine of no more than 10 million euros or 2% of a company’s worldwide sales during the preceding fiscal year, whichever is higher
-
Top 5 provisions for which organizations were penalized were Articles 5, 6, 12, 13, 32
