GDPR

GDPR one year on: measured enforcement is just the beginning

It’s official – the GDPR is one year old. In its first 12 months, the European Commission has demonstrated strong yet measured implementation, with fines totalling over €56 million hitting 91 companies, including €50 million against a single organisation. A significant amount, yet a fraction of the full 4% of companies’ total global revenue they…

Published 7 years ago in
GDPR one year on: measured enforcement is just the beginning


It’s official – the GDPR is one year old. In its first 12 months, the European Commission has demonstrated strong yet measured implementation, with fines totalling over €56 million hitting 91 companies, including €50 million against a single organisation. A significant amount, yet a fraction of the full 4% of companies’ total global revenue they could have levied – a difference of billions. 

As enforcement begins, the commission seems to be leaning towards a constructive approach – with some members stating publicly they do not wish to put companies out of business, or leverage a fine so large a company would be incapable of fixing the problem. The goal seems to be to incentivise companies to fix the problem, while letting them know that if they do not, the fine could get worse. As time goes on, this approach will likely change. 

GDPR

  • What’s been done for data privacy since GDPR?
  • Majority of companies still aren’t GDPR-compliant

    • First fine under GDPR

    Today, the commission seems to be  rewarding good behaviour as much as it is punishing bad behaviour. A perfect example of this is the first company to be fined under the GDPR, a German social media platform called Knuddels. On first glance, the offense

    Read More

    Be the first to write a comment.

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    GDPR

    Tech Tuesday: Data privacy and synthetic data generation tools

    Data has become simultaneously the most valuable asset most organisations own and the most heavily regulated one. GDPR fines exceeded €4.5 billion cumulatively by early 2026. The EU AI Act’s classification of training data quality as a high-risk system requirement has made data provenance a legal obligation rather than a best practice…

    Published 2 weeks ago in
    Tech Tuesday: Data privacy and synthetic data generation tools

    Data has become simultaneously the most valuable asset most organisations own and the most heavily regulated one. GDPR fines exceeded €4.5 billion cumulatively by early 2026. The EU AI Act’s classification of training data quality as a high-risk system requirement has made data provenance a legal obligation rather than a best practice…
    Read More

    Continue Reading
    GDPR

    Researcher reveals official White House app is one command away from tracking your precise location every 4.5 minutes – app can also inject code to dodge cookie consent, GDPR banners, and paywalls

    White House app contains code to hide cookie options, GDPR banners, and paywalls – and collects extensive user data…

    Published 2 months ago in
    Researcher reveals official White House app is one command away from tracking your precise location every 4.5 minutes – app can also inject code to dodge cookie consent, GDPR banners, and paywalls

    White House app contains code to hide cookie options, GDPR banners, and paywalls – and collects extensive user data…
    Read More

    Continue Reading
    GDPR

    Viva la revolución: LinkedIn profile visitor lists belong to the people, says Noyb

    GDPR Article 15 doesn’t care if you want to make money by selling users’ data back to them A LinkedIn feature the average non-paying user likely only glances past could end up setting a legal precedent in the EU regarding how companies treat customer data that they’ve processed. …

    Published 2 months ago in
    Viva la revolución: LinkedIn profile visitor lists belong to the people, says Noyb

    GDPR Article 15 doesn’t care if you want to make money by selling users’ data back to them A LinkedIn feature the average non-paying user likely only glances past could end up setting a legal precedent in the EU regarding how companies treat customer data that they’ve processed. …
    Read More

    Continue Reading
    GDPR

    Estonia is the rare EU country opposing bans on children’s social media use

    In short: Estonia and Belgium are the only two EU member states to have declined the Jutland Declaration, an October 2025 pan-European commitment to restrict children’s access to social media. Estonia’s ministers argue that age-based bans are unenforceable, that children will find ways around them, and that the correct approach is to enforce the GDPR against

    Published 2 months ago in
    Estonia is the rare EU country opposing bans on children’s social media use

    In short: Estonia and Belgium are the only two EU member states to have declined the Jutland Declaration, an October 2025 pan-European commitment to restrict children’s access to social media. Estonia’s ministers argue that age-based bans are unenforceable, that children will find ways around them, and that the correct approach is to enforce the GDPR against […]
    This story continues at The Next Web…
    Read More

    Continue Reading