Million-dollar fines for a security breach? What your company can do to make sure it’s not the next cautionary tale.

Wednesday, February 23, 2022

Privacy is an important topic, so it should be no surprise that many more companies are sitting up and paying attention to how they store and process data. This is partly because companies want to be proactive and do right by their customers by ensuring their visitor data is protected. The other part of this is that companies now realize that if they don’t focus on data privacy, they risk hefty fines for non-compliance. 

That’s where today’s article comes in. Let’s take a closer look at a few of the companies that have been fined for data privacy breaches, along with what you can do to make sure that you don’t follow in their footsteps. 

The Fines

In 2021 alone, regulators issued $1.3 billion in GDPR fines, marking a 7x increase from 2020. This shows a sincere commitment on the part of the European Union to bring increasing action against companies that are found to be non-compliant. 

These record levels were attained through massive fines levied at Amazon and WhatsApp, with Luxembourg fining Amazon around $850 million. The WhatsApp fine came from Ireland, which ordered WhatsApp to pay a little over $250 million due to its failure to be transparent about storing and processing users’ personal data.

Interestingly, these record-breaking fines mean that Luxembourg and Ireland have overtaken Italy and Germany, knocking them off the top two spots on the list of countries that have issued the largest fines. This showcases a wider trend and indicates that even though Germany has historically led the charge towards greater online privacy, the rest of the European Union is ready to take up the baton.
This data comes from January 2022’s DLA Piper GDPR Fines and Data Breach Survey, a 20-page report that shares several insights including the fact that regulators were informed of 130,000 personal data breaches in 12 months, averaging 356 each day. That figure is up 8% on the previous year.

Given that breaches are up 8% and fines are up 700%, something becomes clear immediately – the high level of fines is due to heavier punishments and increased vigilance, and not because more breaches are occurring.

It was also announced in January 2022 that France had fined both Google and Facebook a total of 210 million Euros (or £175 million) over the use of cookies. The Commission Nationale de l'informatique et des Libertés (CNIL) said that the sites were making it difficult for internet users to refuse the use of cookies.

As of February 2022, the ten largest fines for GDPR non-compliance total over $1.5 billion and are as follows:


Brands should take this for what it is: a sign that data security and compliance are more important than ever before. If you’re not putting compliance first and foremost, you risk major penalties including huge fines, which can be crippling for companies of any size.
The good news is that trying to avoid these fines will also mean adopting a more ethical approach towards the data you store and process. It’s not just about being compliant, and it’s not even about being the kind of company that people want to buy from. It’s about acknowledging that you have a duty of care and taking reasonable steps to protect people’s privacy.

And as the data shows, this isn’t just a flash in the pan. This is an ongoing trend that will only become more important in the years to come. Privacy and the importance of secure data collection and storage are the new norms, and we need to get used to and respect that in the same way that we’re getting used to living with COVID-19.

Preventing Fines

So, what can you do about this? Well, one option is to remove your reliance on third-party cookies by switching to a cookie-less tracking provider. This sidesteps the risk of non-compliance by ensuring that you’re handling less sensitive data than your competition. Let them make the expensive mistakes instead of you.

Switching to a cookie-less solution also helps you to future-proof yourself by being one step ahead of the rest of the market. Studies like the DLA Piper GDPR Fines and Data Breach Survey show the direction that the market (and the world) is moving, and it’s a solid sign that the deprecation of cookies will continue in the months and years to come.

It’s also a good idea to familiarize yourself with the latest GDPR requirements and to make sure that your data policy is easy for people to find. Take steps to secure all of the data that you store and ensure that people can request a copy of any information that you store on them.
The idea is to change your entire way of thinking into something that’s more aligned with the latest best practices in data privacy. As long as you do everything you can to obey privacy laws and to put your customers’ data privacy rights first, you’re ready for the future.

That’s where Metricsflow comes in. Our cookie-less tracking solution is designed to allow you to carry out advanced analytics and attribution without the need for cookies.
