The latest update on the GDPR fines is enlisted below and it shows that privacy is not dead.
PWC BS
Fine: € 150 000
Reason: inappropriate legal basis (consent) and violation of the principle of accountability
DPA: HDPA (GR)
Data Subjects: employees
Marriott International
Fine: £ 99 200 396
Reason: data breach
DPA: ICO (UK)
Data Subjects: customers (399 M)
British Airways
Fine: £ 183 390 000
Reason: data breach
DPA: ICO (UK)
Data Subjects: customers (500 K)
Taxa 4×35
Fine: € 160 000
Reason: failure to delete customers’ data
DPA: Danish DPA (DK)
Data Subjects: customers (9 M)
Municipality of Bergen
Fine: € 170 000
Reason: inadequate data security
DPA: Norwegian DPA (NO)
Data Subjects: users (35 K)
Fine: € 50 000 000
Reason: lack of transparency, inadequate information, lack of valid consent regarding the ads personalization
DPA: CNIL (FR)
Data Subjects: users
Uniontrad Compan
Fine: € 20 000
Reason: the video surveillance systems it set up to monitor its employees
DPA: CNIL (FR)
Data Subjects: employees
EE Limited
Fine: € 100 000
Reason: direct marketing messages to its customer without consent
DPA: ICO (UK)
Data Subjects: customers (2,5 M)
Fine: € 1 000 000
Reason: Cambridge Analytica (€ 1 M)
DPA: Garante (IT)
Data Subjects: users
Fine: € 2 000 000
Reason: breaching the country`s law on internet transparency
DPA: Federal Office of Justice (DE)
Data Subjects: users
Österreichische Post AG (ÖPAG)
Fine: € 18 000 000
Reason: processing personal data on the alleged political affinity of affected data subjects
DPA: The Austrian data protection authority (DPA)
Data Subjects: users
