Fletchers Data Claims

GDPR breach examples and fines

October 18, 2021

With 2022 marking four years since the General Data Protection Regulation (GDPR) came into force, we take a closer look at what a GDPR breach looks like and the wider impact of a breach.

Recognising a GDPR breach

According to CSO, a leading global cyber attack think tank, ‘regulators are getting much more serious’ about their GDPR breach penalties and fines.

In fact, statistics show that since 2019, very sizable fines have been used to deter other data breach mistakes.

Here are some well-known data breach examples from the Information Commissioner’s Office (ICO).

Amazon’s data protection breach

Following the announcement of Amazon’s July 2021 earnings report, the retail giant’s GDPR penalty (£636 million) is said to be nearly 15 times bigger than the previous record.

In addition to this, Amazon’s fine was the first significant GDPR ruling against ‘Big Tech’.

There remains a lot of secrecy around the data breach itself. This is largely because Amazon are appealing the decision (as of August 2021). However, cookie consent is the main reason for the breach itself.

Finally, Amazon have previously been caught out for how they store their consumer data.

In 2020, France fined the company €35 million after Amazon ‘allegedly’ failed to get cookie consent on its website.

Google’s data breach

Until August this year, Google’s 2019 GDPR breach was the largest on record at €50 million ($56.6 million).

The data protection breach fine was in response to how Google provides privacy notices to its users.

It was also about how the company were requesting consent for personal advertising and other data processing. 

If you’re wondering how the GDPR fine could have been avoided, that has also come to light.

Google should provide more user consent information and more control over the personal processing of client data.


H&M’s breach of data

If 2020 wasn’t bad enough for global retailers, H&M were hit with a €35 million GDPR fine.

At the time, this was the second-largest penalty ever imposed. 

Where Amazon and Google were failing in relation to customer consent, H&M’s violations involved monitoring their own employees.

Some employees returning from leave later found out their return-to-work meetings were recorded and accessible to over 50 managers.

H&M recorded conversations involving personal information and sensitive data without the knowledge of several individuals. In essence, the retailer broke away from the core principles of GDPR.

Bounty UK’s GDPR breach

The ICO issued Bounty, the UK’s fastest-growing pregnancy club, a £400,000 fine for illegally sharing the personal information of more than 14m people.

The information contained the personal details of around 14 million members, and Bounty shared millions of sensitive records with creditors and marketing agencies.

If you believe your data was part of the Bounty data breach, through the support and guidance of our GDPR breach experts here at Fletchers Data Claims, you may be entitled to compensation for the distress caused by the breach.
