Close Menu
  • News
  • Home
  • In Profile
  • Finance
  • Legal
  • Technology
  • Events
  • Features
  • Wellbeing & Mental Health
  • Marketing
  • HR & Recruitment
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
X (Twitter) LinkedIn YouTube
Trending
  • Building Trust in AI Through a Decision-Centric Approach in Manufacturing
  • In Profile: Michael Stausholm, founder and CEO of SproutWorld
  • A beginner’s guide to growth shares (and why they’re so popular right now)
  • Brits lose £11.4 billion to scams: these are 5 of the most dangerous
  • Bold Business Marketing Specialist Speaks In Swindon This Week
  • Ransomware payment ban: What is it and how can businesses prepare?
  • How to demonstrate value beyond cost in business proposals
  • How Generative AI is Giving SMEs a Marketing Edge
X (Twitter) LinkedIn YouTube
SME Today
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
  • News
  • Home
  • In Profile
  • Finance
  • Legal
  • Technology
  • Events
  • Features
  • Wellbeing
  • Marketing
  • HR & Recruitment
SME Today
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
  • Twitter
  • LinkedIn
  • YouTube
  • RSS
You are at:Home»Legal»The most common GDPR violations, and which have cost European businesses the most.

The most common GDPR violations, and which have cost European businesses the most.

0
Posted By sme-admin on October 7, 2024 Legal, Marketing

GDPR non-compliance can be very costly for both large and small businesses, and while penalties haven’t yet reached the magnitude of 2023, Amazon France Logistique have already received a €32m fine, and TikTok a €1.8m fine.

While SMEs won’t face the same fines received by these larger companies, penalties scale based on the size of the business so remain a costly mistake to make. Interested in this, application SaaS company Indusface have investigated the most common GDPR violations, and which have cost European businesses the most.

GDPR violations

  1. Non-compliance with general data processing principles – €2,410,164,550 (617 fines)

Falling under the higher tier of fines under GDPR violations, the above qualifies as a serious infringement that violates the right to privacy and the right to be forgotten. Individual fines can reach €20 million, or 4% of a firm’s worldwide annual revenue from the preceding financial year, whichever is higher. So far in 2024, fines total over €2.4billion.

Venky Sundar, Founder and President – Americas,  Indusface, comments: “To avoid facing penalties, SMEs must follow data minimization principles and keep personal data accurate and up to date. Any data acquired should not be subjected to further processing for aims beyond the ones that the individual or organisation has consented to.

Protecting the acquired data is equally important. After all, data breaches can also lead to GDPR violations. Since most of the acquired data is stored in databases that are accessed through websites, apis and other applications, protecting these assets is important using tools such as a WAF or a WAAP. Data breaches can be prevented by following the below four step process:

  • Step 1: Maintain an inventory of all your external facing websites, mobile applications and APIs.

  • Step 2: Perform regular vulnerability scans and periodic manual penetration testing

  • Step 3: Patch all open vulnerabilities on time or at least virtually patch these on the WAF

  • Step 4: Protect the applications using tools such as WAF, WAAP, Intrusion prevention systems where these tools block the attacks from entering the corporate network infrastructure”

  1. Insufficient legal basis for data processing – €1,652,855,412 (654 fines)

Insufficient legal basis for data processing ranks in second position, amassing €1,652,855,412 in total sums to date – it is also the biggest violator in terms of number of fines in 2024.

Venky Sundar, Founder and President – Americas, Indusface recommends that organisations should only process data if they meet one of the six following criteria for lawful processing:

  • The data subject has given consent to the processing of their personal data for one or more specific purposes.

  • The processing is necessary to execute a contract or to take steps at the request of the data subject.

  • The processing is necessary for compliance with a legal obligation.

  • The processing is necessary to protect the vital interests of the data subject.

  • The processing is necessary to perform a task carried out in the public interest.

  • The processing is necessary to pursue the data controller’s legitimate interests, except where such interests are overridden by the rights of the data subject — in particular, where the data subject is a child.

GDPR further prohibits processing data including a person’s racial origin, political opinions, religious beliefs, trade union membership, and health or biometric data, except in limited circumstances.

  1. Insufficient technical and organisational measures to ensure information security – €480,011,915 (393 fines) 

Robust security measures are essential for any organisation controlling and processing data, whether technical measures such as cybersecurity software and good password practices, or organisational practices such as employee security training and confidentiality clauses.

As the third most common violation (393 fines in 2024 so far), SMEs must consider best practices regarding security within their organisation.

Methodology

  1. All data surrounding GDPR fines throughout Europe was taken from Enforcement Tracker and is accurate as of 12.9.24, but is subject to change as per further updates. 

  2. Venky Sundar has provided comments on complying with GDPR regulations on behalf of Indusface.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Bold Business Marketing Specialist Speaks In Swindon This Week

How Generative AI is Giving SMEs a Marketing Edge

From PLT to Twitter X: Business Branding Decisions That Backfired

Comments are closed.

Follow SME Today on Linkedin and share all the topics you find interesting
Verify your identity for Companies House

The Newsletter

Join our mailing list for the best SME stories, handpicked and delivered direct to your inbox every two weeks!

Sign Up
Events Calendar
    • Marketing
    July 7, 2025

    Bold Business Marketing Specialist Speaks In Swindon This Week

    July 4, 2025

    How Generative AI is Giving SMEs a Marketing Edge

    • Finance
    July 8, 2025

    A beginner’s guide to growth shares (and why they’re so popular right now)

    July 7, 2025

    Ransomware payment ban: What is it and how can businesses prepare?

    • Health & Safety
    July 1, 2025

    Temperatures Soaring: Is Your Workplace Becoming Unsafe?

    January 29, 2025

    UK takeaways guilty of shocking hygiene failures:

    • Events
    July 4, 2025

    £20k grant for female-founded SME up for grabs

    July 2, 2025

    As Seen on BBC Panorama – Brad Burton to Headline The South West Expo in Swindon

    • Community
    June 23, 2025

    Celebrating One Year In Fairford Supporting The Community

    June 2, 2025

    National Charity Accelerates Children’s Reading Through New Corporate Partnership

    • Food & Drink
    June 23, 2025

    England Cricket Captain, Ben Stokes OBE, takes a stake in Spencer Matthews’ alcohol-free spirits brand, CleanCo

    June 16, 2025

    Hospitality industry risks collapse

    • Books
    April 24, 2025

    Values-Driven Professionalism: A Path to Client Loyalty

    December 2, 2024

    Banish the banshee boss: how to lead without fear – addressing the issue of fear-based management and how NOT to be this manager

    About

    SME Today is published by the same team who deliver The Great British Expos’. We have been organising various corporate events for the last 10 years, with a strong track record of producing well managed and attended business events across the UK.

    Join Our Mailing List

    Receive the latest news and updates from SMEToday.
    Read our Latest Newsletter:


    Sign Up
    X (Twitter) YouTube LinkedIn
    Most Recent Posts
    July 9, 2025

    Building Trust in AI Through a Decision-Centric Approach in Manufacturing

    July 9, 2025

    In Profile: Michael Stausholm, founder and CEO of SproutWorld

    July 8, 2025

    A beginner’s guide to growth shares (and why they’re so popular right now)

    July 8, 2025

    Brits lose £11.4 billion to scams: these are 5 of the most dangerous

    July 7, 2025

    Bold Business Marketing Specialist Speaks In Swindon This Week

    Categories
    • Books
    • Community & Charity
    • Education and Training
    • Environment
    • Events
    • Features
    • Finance
    • Food and Drink
    • Health & Safety
    • HR & Recruitment
    • In Profile
    • Legal
    • Marketing
    • News
    • Property & Development
    • Sponsored Content
    • Technology
    • Transport & Tourism
    • Wellbeing & Mental Health

    Copyright © 2020 SME Today.

    • ABOUT SME TODAY: THE GO TO RESOURCE FOR UK BUSINESSES
    • Privacy
    • Contact
    Copyright © 2025 SME Today.
    • ABOUT SME TODAY: THE GO TO RESOURCE FOR UK BUSINESSES
    • Privacy
    • Contact

    Type above and press Enter to search. Press Esc to cancel.