Tsaaro Reveals GDPR Penalties – Cautions Similar Trends in India

Tsaaro, a leading data privacy and cyber security services provider revealed the key findings of its survey on the penalties under GDPR and its enforcement trends wherein the penalties imposed on the META platforms contribute 82.6% from the total fines. The Privacy Fines Report 2022 is first-of-its-kind that adopts a birds eye view of privacy fines and analyses them as a whole. For the purpose of the report, Tsaaro has analyzed approximately 500 fines & penalties that data protection authorities within the EU have imposed under the EU GDPR. Tsaaro also cautions Indian corporates of a similar leak in India which is currently not reported or assessed but with structures in place, India will be seeing a similar story like EU.

Mr. Akarsh Singh Tsaaro

Furthermore, the fines on privacy not only seek to rectify wrongs committed, but also set a precedent for corporations as it depicts that privacy breaches are not to be taken lightly and non-compliance would put them in hot water with the authorities. With this initiative, Tsaaro Solutions with its first annual Report on Privacy Fines (2022) aims at being informational not just to consumers, but also to the corporations to whom the compliance measures of GDPR would apply.

Commenting on the same, Akarsh Singh, Co-founder and CEO of Tsaaro, said, “It is always extremely important for corporations and consumers to be acquainted from time to time with the facts and realities of the rapidly developing world which is taking place at the expense of personal data-a fact that is often hidden in plain sight. Our commitment to privacy is the cornerstone of what we do at Tsaaro and therefore the First Annual Tsaaro Report on GDPR Fines & the Privacy Landscape of 2022 is a product of the same commitment.”

Additionally, the report also takes an industry-specific approach to provide an overview of the industries with the maximum number of violations. It provides insight into the countries which topped the chart with the highest aggregate penalties; and throws light on the GDPR articles which were infringed on the most.

Key findings

82.6% (697 million) to the total fines accounts on the META platforms

Media, Telecom & Broadcasting Industry Accounted for about 86% of the total fines

In Finance, Insurance & Consulting sector, roughly 26% violated Article 5 of the GDPR

Nearly 29% of the penalized companies in the Transport & Energy sector violated Article 6 of the GDPR

Public Sector Entities & Educational Institutions were heavily penalized, contributing to about 10% of the total fines imposed

In 2018, there were 12 penalties with €500,000

In 4 years, the penalties increased to 166x times

In 2022, the penalties increased to 440 with €831,258,610

It is possible to be fined up to 20 million euros for particularly serious violations listed in Article 83(5) GDPR, or up to 4 of the preceding fiscal years total global turnover for undertakings

A lesser-severe violation is defined in Art. 83(4) GDPR as one that may result in a fine of no more than 10 million euros or 2% of a companys worldwide sales during the preceding fiscal year, whichever is higher

Top 5 provisions for which organizations were penalized were Article 5, 6, 12, 13, 32

About Tsaaro

Founded in January 2021 by Akarsh Singh and Rohit Jain, Tsaaro is India’s premier Data Protection services provider. Tsaaro is backed by the IIT founding team and is a technology compliance-focused company. Enabling an efficient data secure environment for businesses by building robust security systems, Tsaaro is widely acknowledged for its Data Protection services including Regulatory Assessment, DPO as a Service, Vendor Assessment, Privacy Risk Management, and Product Assessment. Apart from the company’s B2B business, Tsaaro expanded its services to the B2C market, with ‘Tsaaro Academy‘, where the company provides premiere privacy training and certifications. Tsaaro Academy, which was founded the same year, now offers a variety of IAPP certifications, including the CIPP/e, CIPT, and CIPM. Apart from these imperial privacy certificates, Tsaaro Academy’s exclusive practical approach-based certification program, Data Protection Officer (DPO) Certification Course was also created. Tsaaro Academy is currently giving live training to over 200 privacy professionals in the Asia Pacific and has one of the highest IAPP certification passing percentages in Asia.