Back to Blog

Comply with GDPR or pay hefty fine

Published on: 2022-2-5

The General Data Protection Regulation has been in effect for more than four years. That sound like a lot. We could think that ample time get all the codified rules implemented. Let's rejoice at the feeling of newfound privacy.

Core Facts About GDPR Fines

GDPR, with its fines, is a strong deterrent. Right?

Spoiler alert: It isn't. But believe us, it should.

Challenge

Unfortunately, we are far from reaching satisfactory levels of proper attention paid to our Personal Data.

We challenge you to pick an Internet website which you frequent. Don't press Accept on Cookie Banner just yet. We know it is distracting, and it made the site unusable in the first place.

In the browser, open the inspection tool and view traffic and cookies generated. If you don't know what we are talking about, don't worry.

We can almost guarantee you that the site you visited broke the law.

Even without knowing which site it was, we can guess:

  • The Consent Form (aka Cookie Banner) has faulty implementation and sets cookies even if you decline.
  • That is if you are lucky enough to have a clear Decline option in the first place.
  • Lastly, under the pretext of necessary functionality, you might still end up being exposed to spying, say by Google.

The website owner is also for sure not malicious nor of criminal intent. The owner of the previously mentioned hypothetical Internet property is doing that for a few reasons.

GDPR is infamous for complicated language and its general complexity. Given its far-reaching impact on everyone in the EU and beyond, it should be more straightforward. We envy the quality of GOV.UK documents created under curated guidelines. The cottage industry of experts that emerged around this legislation amplifies the confusion.

The Cookie Banner is likely a third-party tool. The vendor assured us that the software is GDPR compliant. We are getting business off the ground and are growing towards the next stage. We take this assurance at face value because dissecting complex legislation feels not inside of our core competency.

The business just took off, and competition is fierce. The organization needs help, so the marketing, sales or operation team enables Google Analytics. It is free. It feels like a no brainer. Immediate feedback gives the business perception that it was a win. However, there were warnings on Google's website. The IT folks will deal with it later.

What comes next is either one or multiple stages of denial like:

  • GDPR is a scarecrow; nobody gets fined.
  • We are small. Nobody will notice.
  • Everyone does it.

If you are using any of these three types of justifications, we suggest you revisit your priorities.

GDPR is a scarecrow; nobody gets fined

It is only February 2022 and the total amount of fines applied in the year 2022 amounts to €17 813 100.

In the year 2021, that amount reached astonishing €1 304 648 113. That is a hefty increase from €171 582 286 in 2020.

GDPR Fines Per Year

Penalties for GDPR violations and resulting fine are a norm

Thus far, a total of 964 fines have been issued. And authorities are picking up the pace.

We are small; nobody will notice

In 2021, the number of fines under € 20K reached 248. The list of offenders included:

  • Travel Agency,
  • Private Individual,
  • Physician,
  • a university,
  • and multiple private SMEs.
Percentage of GDPR Fines Under 20k EUR

It is safe to say that there is no such thing as too small when it comes to enforcing Articles of GDPR.

Everyone does it

This argument is contentious, as you can imagine. We proved that a lot of businesses get caught violating the rules. A lot of others fly under the radar. And there are many of those who make the best effort to address the legal requirements.

The question is to you, do you value running a compliant business?

What can you do?

There is no easy way out. No Get out of the Jail Card. The cost of running a business is an adherence to the laws it operates in. Compliance with Data Protection regulations should not be an aspirational goal. It is your responsibility.

Start Analyzing Traffic Today!
Get privacy-friendly and GDPR-compliant web analytics today. Start gathering valuable insight from day one. Widen you view, widen your lead. FREE Trial!

Fine statistics have been sourced from GDPR Enforcement Tracker.

© 2024 Input Objects GmbH. All Rights Reserved.

No AI Training allowed. No republishing without prior permission. Expand for the full text.

The content, including but not limited to text, images, graphics, and other material on this website ("Content"), is protected by copyright laws. Unauthorized use, including scraping, republishing, or use for training artificial intelligence models, is strictly prohibited without explicit written permission from Input Objects GmbH ("Company").

Notwithstanding the above, indexing of the Content by search engines for the purpose of listing in search results is permitted, provided that any displayed snippets of the Content are linked directly to the relevant page on this website and are accompanied by clear attribution to the source.

No part of the Content may be republished, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the Company, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law.