Ireland second in Europe for fines issued for breaching GDPR rules

As home to some of the world's largest tech and data companies, Ireland's Data Protection Commissioner Helen Dixon holds one of the key enforcement roles in Europe when it comes to GDPR. 

The landmark privacy law has been in place for four years placing a range of restrictions and compliance requirements on private companies, government departments, state bodies and organisations.

In September of last year, Ms Dixon imposed a €225m fine on communications app WhatsApp for what the DPC said were 'severe' breaches of privacy legislation. The fine is the second-largest imposed by any data protection officer in the EU, surpassed only by the €746m fine imposed on Amazon by Luxembourg's data protection body. Both record-breaking fines are currently under appeal.

According to DLA Piper's annual GDPR Fines and Data Breach Survey, nearly €1.1bn of fines have been imposed for a wide range of infringements representing a 594% year on year increase in fines imposed since January 28, 2021, compared to €158.5m during the same period last year. Per capita, the Netherlands tops the rankings for data breach notifications, while Ireland is fourth

"It is four years since the implementation of GDPR and we are now seeing significant fines imposed for a wide range of infringements of Europe’s rigorous data protection laws," John Magee, partner and head of data protection and information security at DLA Piper Ireland said. 

"Regulators have issued record fines surpassing €1bn euro and Ireland now ranks second overall for total fines to date, demonstrating the significant position and influence of the Data Protection Commission (DPC) in the EU. Given that Ireland is home to some of the world’s largest-data businesses, there is no doubt that the DPC will continue to play a central role in the enforcement of GDPR in Europe.”