The number of fine notices increased by 60 percent in 2020
No time right now?
In 2020, German data protection authorities imposed more fines for GDPR violations than ever before. By far the highest penalty came from H&M – over 35 million euros.
The Swedish fashion retailer H&M is said to have researched the private living conditions of hundreds of employees at its Nuremberg location. The fine that was then imposed in autumn for violating the General Data Protection Regulation (GDPR) amounted to 35.3 million euros. There had never been such a high penalty in Germany before. In Europe, only Google – 50 million euros fine in France – had to accept a higher fine. Overall, more fines were imposed in Germany for GDPR violations in 2020 than ever before in a year.
Contents
H&M issued a record fine in 2020
One Handelsblatt survey According to the data protection officers of the federal and state governments, the amount of the fines amounted to around 48 million euros. The record value is of course mainly based on the high H&M fine. The second highest fine was imposed on the electronics retailer Notebooksbilliger.de. This is said to have illegally monitored employees by video. The AOK in Baden-Württemberg was in third place with 1.2 million euros. The health insurance company is said to have used data for advertising purposes without consent.
The number of fines rose from 187 in 2019 to 301, which corresponds to an increase of almost 60 percent. However, these are mostly sanctions in the three to five-digit range against mostly small and medium-sized companies, associations or self-employed people. The GDPR violations range – as it has been since the GDPR came into force in 2018 – “from improper data disposal and video surveillance to inadequate technical and organizational measures,” as Baden-Württemberg’s data protection officer Stefan Brink told Handelsblatt. The number of data breaches is said to have risen to over 26,000 in 2020.
German business complains about GDPR
The German economy is meanwhile complaining that the GDPR “continues to create confusion and uncertainty”, as the Federation of German Employers’ Associations (BDA) put it. Unclear regulations and over-regulation would severely impair companies’ freedom of action, the BDA told Handelsblatt. What is needed now is “uniform guidelines for action and no overloading with new, complex regulations”.