Finbold data indicates that in Q1 2021, EU countries will hit €33.6 million in GDPR fines.
As a month-to-month comparison, the number of penalties recorded was high in January, with penalties reaching €17.5 million. This figure dropped in February by almost 91% to only €1.7 million, followed by a massive increase to the sum of €14.29 million by the time March arrived.
Spain suffered the most fines, totalling €15.7 million derived from 34 cases involving various penalties imposed by regulators. In second place was Germany with just three fines totalling €10.7 million. These two countries alone made up for 78.5% of all fines from across the European Union.
Next was Italy with a total of 20 violation cases amounting to over €5.6 million. Followed by the Netherlands fourth place, bringing a drastic drop in the monetary value of penalties, with €440,000 due to a single issue.
Following the Netherlands closely was Norway, with a total amount of €382,750 stemming from 12 cases and France with three penalty cases that added up to €245,000 in fines. The Czech Republic had a single case that drew in penalties of €118,500 from the fine.
With four cases from Belgium that resulted in €86,000 in fines, Poland was close behind, with a total of €81,300 coming from five penalty cases. Cyprus makes the top ten countries on the list, with four cases totalling €81,000 in fines.
What does this mean for European regulators?
The high fines in Q1, 2021, have given European regulators an obligation to hold organisations accountable. The significance of the fines, while the GDPR law is still new, is explained in the Finbold report.
The research report outlines a direct connection to the increase in GDPR fines when new laws came into effect a little less than three years ago. Enforcement authorities played a crucial role in implementing laws, which helped European regulators act on the new regulations.
With an enhanced ability to detect instances where personal data violations occurred, it was possible to impose higher fines and penalties to act as a deterrent. As these laws gave the affected consumers more control, spotting violation cases greatly improved.
Conclusion: it could be a lot worse
It is worth noting that not all member states provided full details of data breaches. The lack of data could indicate that fines may be substantially more and give an accurate or complete picture of the GDPR enforcement.