Continuing the increased focus on GDPR breaches, the year started intensively in terms of penalties relating to personal data protection.

The Italian Data Protection authority Garante published on 19^th January 2022 its decision to impose a fine in the amount of €26,513,977 on Enel Energia S.p.a, a leading Italian multinational manufacturer and distributor of electricity and gas. The fine was for violating various GDPR provisions referring to aggressive telemarketing and this enters the top 10 GDPR worldwide fines so far.

As to the current ranking relating to GDPR fines, Amazon still holds the top spot with a fine of €746 million, followed by WhatsApp with a fine of €225 million.

Also, the French data protection authority CNIL published on 6^th January 2022 decisions in which it imposed the following fines: Google LLC – €90 million, Google Ireland Limited – €60 million and Facebook Ireland Limited – €60 million for violating French Data Protection Act (la loi “Informatique et Libertés”) and EU e-Privacy directive also known as the “EU cookie law”, more precisely for failing to allow French users to easily reject cookie tracking technology.

Personal data protection is an increasingly current topic which will influence not only companies to comply with relevant legislation, but also the competent authorities to continue imposing high fines for violating provisions of this legislation.

For more information on how your company remains compliant please contact NST Law for further information.