Dutch Data Protection Authority charges Dutch Credit Registration Bureau €830,000. The DPA penalised the Bureau for non-compliance with regulations concerning data subjects. According to the Authority Articles 12 (2) and 12 (5) of the GDPR were disregarded by the organisation between May 2018 and March 2019.

The decision was made based on the Bureau’s failure to ensure proper access rights management: data subjects were required to pay in order to access their personal data in a digital format which is against the rules stated in the EU regulation. The Bureau demanded that data be requested for free only once a year and only in paper, which clearly violated the GDPR command that access to personal data should be simplified and by no means dissuaded from accessing their personal details stored by the organisation.

For over two years there has been a significant amount taken from a number of companies with regard to the GDPR requirements. €158,135,806 is a total penalty exacted from businesses and organisations.

340 GDPR fines have been imposed by the General Data Protection Regulation on various companies since the regulation came into force. At least one penalty under GDPR was issued by each European country, including the United Kingdom.

The largest fine affected Google more than a year ago – French data protection authority charged the company €50 million claiming that it lacked transparency, valid consent regarding ads personalization, and was blamed for inadequate information. You can read about other fines here.