Skip navigation

Almost 5 years and close to 3 billion in GDPR fines later

SCOPE EuropeEU Cloud CoCNews

In a few months, we’ll reach GDPR’s 5th anniversary of implementation. During this time, data protection authorities all over the EU have been tirelessly addressing GDPR violations.

As a result, the overall sum of fines significantly increases month after month. Knowing that, one probably wonders where are we as of January 2023? According to GDPR Enforcement Tracker, the accumulated amount of penalties stands today at € 2,777,904,610.

The tracker also points to a total of 1.446 fines that have been issued since 2018 all varying in size and addressing different violations. One might think that the companies who receive fines maliciously mishandled data, yet in reality compliance is a complex process. When it comes to GDPR implementation, there are several grey areas as  the provisions cover many different activities  and were designed to withstand continual innovation. Meaning  GDPR compliance is certainly not an easy box to check off on a company’s to-do list. 

Statistically, the violations with the most fines are related to data processing non-compliance. Against this background, luckily, there are  tools put forward by GDPR itself that businesses can implement to increase their safeguards and, ultimately, reduce legal uncertainty and the risk of fines. In this context, codes of conduct (Art. 40) are one of the instruments GDPR has introduced to optimize and harmonize its implementation.

The EU Cloud Code of Conduct is a tool that bridges the gap between the general provisions of the regulation and  their concrete implementation across the whole cloud industry. Since its approval in 2021 the Code has been playing a key role when it comes to cloud compliance, fostering the application of robust technical and organizational measures throughout the sector.

How does it work?

To earn the EU Cloud CoC compliance mark and its legal benefits as established by GDPR, cloud service providers must go through a thorough adherence process where the independent monitoring body assesses compliance with data processing requirements on a yearly basis . This  additional safeguard and element to proof compliance towards the supervisory authorities proactively helps to avoid or significantly reduce the risk of receiving GDPR-related fines. Additionally, by going through the adherence assessment, services gain crucial insights on how to  maintain high data protection standards.

As a result, adherent cloud providers listed in the Code’s Public Register can operate while largely benefiting from having an important safeguard against potential fines. Learn more about the benefits here.

*All GDPR statistics are up to date as of 27/01/23

Total_GDPR_fines_reach__1_.png