Follow on Google News
€4.9B GDPR mistakes: expert advises on how to avoid in your business
€4.9B GDPR mistakes: expert advises on how to avoid in your business
GDPR non-compliance can be very costly for both large and small businesses, and while penalties haven’t yet reached the magnitude of 2023, Amazon France Logistique have already received a €32m fine, and TikTok a €1.8m fine.
While SMEs won’t face the same fines received by these larger companies, penalties scale based on the size of the business so remain a costly mistake to make. Interested in this, application SaaS company Indusface have investigated the most common GDPR violations, and which have cost European businesses the most.
Key insights:
- The most committed GDPR violation is “insufficient legal basis for data processing” with 654 fines attributed in 2024 alone
- The costliest violation is “non-compliance with general data processing principles”, totalling €2,410,164,550 in 2024
- The average fine across violations amounts to €1,119,860
The GDPR Violations Costing European Businesses the Most in 2024
- Non-compliance with general data processing principles – €2,410,164,550 (617 fines)
Falling under the higher tier of fines under GDPR violations, the above qualifies as a serious infringement that violates the right to privacy and the right to be forgotten. Individual fines can reach €20 million, or 4% of a firm’s worldwide annual revenue from the preceding financial year, whichever is higher. So far in 2024, fines total over €2.4billion.
Venky Sundar, Founder and President – Americas, Indusface, comments: “To avoid facing penalties, SMEs must follow data minimization principles and keep personal data accurate and up to date. Any data acquired should not be subjected to further processing for aims beyond the ones that the individual or organisation has consented to.
Protecting the acquired data is equally important. After all, data breaches can also lead to GDPR violations. Since most of the acquired data is stored in databases that are accessed through websites, apis and other applications, protecting these assets is important using tools such as a WAF or a WAAP. Data breaches can be prevented by following the below four step process:
- Step 1: Maintain an inventory of all your external facing websites, mobile applications and APIs.
- Step 2: Perform regular vulnerability scans and periodic manual penetration testing
- Step 3: Patch all open vulnerabilities on time or at least virtually patch these on the WAF
- Step 4: Protect the applications using tools such as WAF, WAAP, Intrusion prevention systems where these tools block the attacks from entering the corporate network infrastructure”
- Insufficient legal basis for data processing – €1,652,855,412 (654 fines)
Insufficient legal basis for data processing ranks in second position, amassing €1,652,855,412 in total sums to date – it is also the biggest violator in terms of number of fines in 2024.
Venky Sundar, Founder and President – Americas, Indusface recommends that organisations should only process data if they meet one of the six following criteria for lawful processing:
- The data subject has given consent to the processing of their personal data for one or more specific purposes.
- The processing is necessary to execute a contract or to take steps at the request of the data subject.
- The processing is necessary for compliance with a legal obligation.
- The processing is necessary to protect the vital interests of the data subject.
- The processing is necessary to perform a task carried out in the public interest.
- The processing is necessary to pursue the data controller’s legitimate interests, except where such interests are overridden by the rights of the data subject — in particular, where the data subject is a child.
GDPR further prohibits processing data including a person’s racial origin, political opinions, religious beliefs, trade union membership, and health or biometric data, except in limited circumstances.
- Insufficient technical and organisational measures to ensure information security – €480,011,915 (393 fines)
Robust security measures are essential for any organisation controlling and processing data, whether technical measures such as cybersecurity software and good password practices, or organisational practices such as employee security training and confidentiality clauses.
As the third most common violation (393 fines in 2024 so far), SMEs must consider best practices regarding security within their organisation.
(Data Supplied by Indusface)
Latest Posts
- Pakistan PM Shebaz Sharif & Field Marshel Asim Munir Arrives in Switzerland For Talks on proposed Us-Iran Agreement
June 21, 2026 | Breaking News, Politics, World - Haier HQLED P7 Pro Series Smart TVs Launched in India With Dolby Atmos, 50W Speakers
June 21, 2026 | Tech, Technology - Redmi Turbo 5 With 50-Megapixel Rear Camera, Dimensity 8500 Ultra Chip Goes on Sale in India: Price, Offers
June 21, 2026 | Tech, Technology - Tecno Camon Slim Confirmed to Launch Soon; Design, Colour Options Teased
June 21, 2026 | Tech, Technology - Outsourcing Introduced by Previous Regimes, Not by Omar-led Govt says Jammu Kashmir Education Minister Sakina Itoo
June 21, 2026 | Breaking News, Jammu Kashmir, Politics - Per Aspera Ad Astra Out on OTT: Where to Watch the Sci-Fi Thriller Online?
June 21, 2026 | Entertainment - Prime Minister Modi Releases PM-Kisan Instalment Worth Rs 18,880 Crore In West Bengal
June 21, 2026 | Breaking News, India, Politics - Begona Gomez – Wife Of Spain PM Pedro Sanchez To Face Corruption Trial, Told To Surrender Passport
June 21, 2026 | Breaking News, Politics, World - Israeli Army Confirms Journalist Killed In Gaza, Calls Him ‘Hamas’ Terrorist
June 21, 2026 | Breaking News, Politics, World - PoJK Protesters Speaking ‘Language of Bharat,’ Not Kashmiris or Pakistanis: Pakistan’s Defence Minister Khawaja Asif
June 21, 2026 | Breaking News, India, Politics, World