New Delhi, Delhi, India

Tsaaro, a leading data privacy and cyber security services provider revealed the key findings of its survey on the penalties under GDPR and its enforcement trends wherein the penalties imposed on the META platforms contribute 82.6% from the total fines. The Privacy Fines Report 2022 is first-of-its-kind that adopts a bird’s eye view of privacy fines and analyses them as a whole. For the purpose of the report, Tsaaro has analyzed approximately 500 fines & penalties that data protection authorities within the EU have imposed under the EU GDPR. Tsaaro also cautions Indian corporates of a similar leak in India which is currently not reported or assessed but with structures in place, India will be seeing a similar story like EU.

Mr. Akarsh Singh Tsaaro


Furthermore, the fines on privacy not only seek to rectify wrongs committed, but also set a precedent for corporations as it depicts that privacy breaches are not to be taken lightly and non-compliance would put them in hot water with the authorities. With this initiative, Tsaaro Solutions with its first annual Report on Privacy Fines (2022) aims at being informational not just to consumers, but also to the corporations to whom the compliance measures of GDPR would apply.


Commenting on the same, Akarsh Singh, Co-founder and CEO of Tsaaro, said, “It is always extremely important for corporations and consumers to be acquainted from time to time with the facts and realities of the rapidly developing world which is taking place at the expense of personal data-a fact that is often hidden in plain sight. Our commitment to privacy is the cornerstone of what we do at Tsaaro and therefore the First Annual Tsaaro Report on GDPR Fines & the Privacy Landscape of 2022 is a product of the same commitment.” 


Additionally, the report also takes an industry-specific approach to provide an overview of the industries with the maximum number of violations. It provides insight into the countries which topped the chart with the highest aggregate penalties; and throws light on the GDPR articles which were infringed on the most. 


Key findings

  • 82.6% (697 million) to the total fines accounts on the META platforms

  • Media, Telecom & Broadcasting Industry Accounted for about 86% of the total fines

  • In Finance, Insurance & Consulting sector, roughly 26% violated Article 5 of the GDPR

  • Nearly 29% of the penalized companies in the Transport & Energy sector violated Article 6 of the GDPR

  • Public Sector Entities & Educational Institutions were heavily penalized, contributing to about 10% of the total fines imposed

  • In 2018, there were 12 penalties with €500,000

  •  In 4 years, the penalties increased to 166x times 

  • In 2022, the penalties increased to 440 with €831,258,610

  • It is possible to be fined up to 20 million euros for particularly serious violations listed in Article 83(5) GDPR, or up to 4 of the preceding fiscal year’s total global turnover for undertakings

  • A lesser-severe violation is defined in Art. 83(4) GDPR as one that may result in a fine of no more than 10 million euros or 2% of a company’s worldwide sales during the preceding fiscal year, whichever is higher

  • Top 5 provisions for which organizations were penalized were Article 5, 6, 12, 13, 32

About Tsaaro

Founded in January 2021 by Akarsh Singh and Rohit Jain, Tsaaro is India’s premier Data Protection services provider. Tsaaro is backed by the IIT founding team and is a technology compliance-focused company. Enabling an efficient data secure environment for businesses by building robust security systems, Tsaaro is widely acknowledged for its Data Protection services including Regulatory Assessment, DPO as a Service, Vendor Assessment, Privacy Risk Management, and Product Assessment. Apart from the company’s B2B business, Tsaaro expanded its services to the B2C market, with ‘Tsaaro Academy’, where the company provides premiere privacy training and certifications. Tsaaro Academy, which was founded the same year, now offers a variety of IAPP certifications, including the CIPP/e, CIPT, and CIPM. Apart from these imperial privacy certificates, Tsaaro Academy’s exclusive practical approach-based certification program, Data Protection Officer (DPO) Certification Course was also created. Tsaaro Academy is currently giving live training to over 200 privacy professionals in the Asia Pacific and has one of the highest IAPP certification passing percentages in Asia.