SOCIETÀ ITALIANA DI DIRITTO ED ECONOMIA
Albina Orlando (Consiglio Nazionale delle Ricerche (C.N.R.))
Mario Santoro (Consiglio Nazionale delle Ricerche)
Abstract
The General Data Protection Regulation (GDPR) was enacted in 2016 and became enforceable on May 25, 2018. It aims to harmonize data protection laws across the EU, providing individuals with more control over their personal data. The GDPR consists of 99 articles, 42 of which can potentially lead to fines. Article 83 defines two tiers of fines, depending on the severity of the violation. For the first tier (call it Tier A), fines can reach €10 million or 2% of global revenues, while for the second tier (Tier B) fines can go up to €20 million or 4% of revenues. Compliance with the GDPR not only involves reshaping how organizations handle data but also leads to enhanced cybersecurity measures and an increase in cyber insurance demand. Understanding enforcement patterns across the EU is critical for businesses and cybersecurity professionals. The research relies on the CMS Law-GDPR Enforcement Tracker, which compiles fines across the EU, UK, and Norway. By analyzing this dataset with text analysis and topic modeling techniques, the study uncovers trends in GDPR enforcement, offering valuable insights for policymakers, legal professionals, and researchers on improving compliance and mitigating risks.