Browse By

These are the worst companies for GDPR violations

These are the worst companies for GDPR violations

Research from digital identity security specialists, ID Crypt Global, reveals which brands are being most careless with our personal data and have therefore been issued the biggest GDPR fines since records began.

ID Crypt has analysed fines issued to companies for breaching General Data Protection Regulation (GDPR) laws, to see which brands have been the worst offenders in the UK and Europe since the regulations began.

GDPR, introduced in 2018, is a regulation in EU law concerning digital protection and privacy. It governs the way in which businesses can collect, process, store, and use personal data such as names, addresses, browser history, finances, etc.

If companies fail to oblige by the rules set out under GDPR, they can be fined. The more significant the breach, the more severe the fine.

The analysis by ID Crypt shows that since GDPR’s introduction, the average (mean) fine issued sits at €2.2 million, but the largest single fine ever issued was a remarkable €1.2 billion.

This fine was issued to Meta Platforms Ireland Ltd, Facebook’s parent company in Europe, for what is described as ‘Insufficient legal basis for data processing’.

In fact, Meta, or its subsidiaries of Facebook and WhatsApp, has received six of the ten largest GDPR fines ever issued across the whole of Europe, fines that combine to a total of around €2.5 billion.

As for the UK, the largest GDPR fine in UK history was a €22 million penalty issued to British Airways for what was deemed to be ‘insufficient technical and organisational measures to ensure information security’.

The other worst offenders in the UK are Marriott International, Inc (€20.5m), TikTok (€14.5m), and Clearview Al Inc. (€9m).

CEO and Founder of ID Crypt Global, Lauren Wilson-Smith, commented:

“Personal data is incredibly sensitive and powerful. It combines to form our digital identity which we are all increasingly reliant on when it comes to navigating our way in a digital-first society.

It’s disappointing to say the least that such a wide range of brands, including some of the most powerful companies in the world, are playing hard and fast with the rules and, in doing so, failing to provide their loyal customers with the personal security they’re entitled to.

As we move forward, one has to hope we see a dramatic drop in the number of GDPR breaches and their severity. Any period of adjustment or acclimatisation that businesses in Europe have been going through is now well and truly over.”