When Europe’s strict set of data protection rules came into force nearly seven years ago, privacy campaigners, industry experts, and lawyers all warned that noncompliance could result in eye-watering fines and other costly sanctions, especially for repeated breaches. However, the reality appears to be very different.
On average, only 1.3 percent of cases before EU data protection authorities (DPAs) result in a fine, according to a report by privacy campaign group Noyb, which based its research on figures from the European Data Protection Board (EDPB), the EU’s key enforcer of the General Data Protection Regulation (GDPR). At the same time, Noyb said large companies can easily ignore access requests without serious consequences. This apparent lack of enforcement seems to be very specific to data protection, the group added.
