UK Ranks Second Highest in GDPR Fines

A new report from cybersecurity company ESET found that the UK ranks second highest in average GDPR fine value ($10 million), despite issuing the lowest number (five) of GDPR fines in the EU. Spain issued the highest number of fines (273), while Luxembourg issued the highest value fines.

The report found that more than 650 fines totaling more than $320 million have been issued since GDPR took effect in May 2018. The highest fine, $875 million, was leveled against Amazon for its misuse of data in advertising schemes. However the large majority of the 650 or so fines were handed down for “insufficient legal basis for data processing,” which accounted for the highest number of fines and value of fines.

In close second for violations? “Insufficient technical and organizational measures to ensure information security.”