Photo by ROOM on Unsplash [Download]

GDPR fines were meant to rock the data privacy world. They haven't

Since then some of the hype around the data law has waned, but there's still one thing that gets people excited: fines.

Under the law, data protection regulators across Europe have boosted powers to punish companies and organisations who are found in breach of GDPR.

The most serious consequences can be fines of up to 20 million or four per cent of a firm's global turnover .
These are larger than the 500,00 penalties that could be issued by the UK's regulator, the Information Commissioner's Office, under the old data protection rules.

Before GDPR was enforced there were outlandish predictions that businesses would be hit with huge fines for data protection issues. Some estimates claimed GDPR fines would be 79 times higher than those under previous rules; others said banks would be hit with fines of up to 4.7bn in the coming years.

Unsurprisingly there hasn't been a huge deluge of fines running into millions or billions of euros, but the EU's 28 data protection regulators are slowly beginning to flex their enforcement muscles including against big tech companies.

After the first year of GDPR, the European Data Protection Board reported that nations had examined 206,326 cases under the law.

In a summary of its decision, CNIL broke the fine down into two areas: not providing enough information about how Google uses information provided to it from across 20 different services and not correctly gaining consent for processing user data.

Get WIRED Weekender, your at-a-glance roundup of the most important, interesting and unusual stories from the past week.

Original article