GDPR enforcement in 2023
Recently, in May of this year, GDPR turned 5. So, are EU countries enforcing it? What are its real-life effects on companies and regular people? First, let’s look at some outstanding incidents of GDPR enforcement in 2023. Then, we’ll review what we can learn from them.
Who enforces GDPR?
Each EU member state has its own data protection authority (DPA) or agency. Essentially, each authority is responsible for overseeing and enforcing GDPR compliance within its jurisdiction. To this end, they investigate complaints, issue fines and provide data privacy guidance.
Indeed, local data protection authorities can provide a wealth of resources for companies. It’s a good idea to browse your local agency’s website for the most up-to-date compliance information for your area.
Together, these agencies form an umbrella organisation called the European Data Protection Board (EDPB). For its part, the EDPB helps all EU data authorities act as one to make sure everyone’s rights are protected. Further, it can weigh in on the interpretation of data protection and intervene when key legal issues are at stake.
GDPR enforcement statistics 2023
Almost 300 GDPR fines have been reported so far in 2023, according to the website enforcementtracker.com. Here are some highlights about fines that got our attention:
- Spain had the heaviest enforcement, with 147 fines leveled in the last 8 months
- The highest fine overall went to Meta Platforms, for €1,200,000,000
- The highest fine for an EU company was €40,000,000 (CRITEO)
- Fines for small businesses in Europe ranged from €300 to €215,000
Let’s look at some details about these fines.
Who is getting GDPR fines, and why?
Moving on, the types of companies fined included:
- Estate agents
- Insurance companies
- Marketing companies, and more.
Now, let’s shift our focus to what led to the fines. For example, some common violations that caught our eye were:
- Storing personal data of registered users indefinitely
- Incomplete records of processing activities
- Failure to respond to data rights requests
- Failure to notify breaches within 72 hours
Usually, small and medium businesses are not caught committing egregious abuses of people’s data on a large scale. Instead, they simply fail to put a basic GDPR framework and policies in place. Unfortunately, this leaves them vulnerable to breaches and unprepared to respond when they occur.
What can we learn from GDPR statistics?
After reviewing GDPR enforcement data for 2023, it’s clear that the same issues we see the average company struggling with are, in fact, causing data privacy violations and fines. Therefore, it pays to focus your attention on a few key compliance tasks.
- Updating your privacy policies
- Deleting data you no longer need
- Monitoring your data storage
- Responding promptly to data rights requests
Of course, the specific needs of each company are different. However, any company that processes personal data should stay on top of the tasks above.
Usually, your difficulty as a small business owner is, first and foremost, a lack of time, resources and training to get started. Then, going forward, you may have a hard time monitoring your everyday compliance.
Unlike larger companies, you probably do not have a legal team on retainer or the budget for complicated enterprise solutions. That’s why, at Safe Online, we’ve created simple, affordable GDPR compliance tools designed for small businesses.
Would you like a free GDPR analysis to help find your company’s weak spots and correct them?
Book a free GDPR analysis.