As we reach the third anniversary of GDPR, what does it mean today? And how can we avoid unwanted fines?
Read on to discover the eye-watering fines that have been issued in the last couple of years, and understand how removing customer data from your verification process might be just the answer.
On 1 January 2021 the Brexit transition period ended, and the EU GDPR no longer applies directly in the UK. However, as the GDPR has now been incorporated into UK domestic law, where it is known as the “UK GDPR”, companies are still obliged to conform. Equally, if you trade with any European organisation, you still have to comply, even if you are based outside Europe.
And there are tough sanctions for those who fail to. Three years on, what are the implications of failing to comply? Take a look at the 5 biggest GDPR fines of 2020 and 2021 as examples of how important it is to get it right…
1. Google – €50 million ($56.6 million)
Failure to inform its users how their personal information was going to be used led to this huge fine, which was initially challenged by Google but upheld when France’s leading court for administrative law dismissed the appeal.
2. H&M – €35 million ($41 million)
The second-largest GDPR fine ever imposed went to this European fashion brand. Their misdemeanour was the monitoring of hundreds of employees: ‘return to work’ meetings held after sick leave were recorded, and the recordings were available for over 50 H&M managers to view.
3. Telecom Italia – €27.8 million ($31.5 million)
Italian telecommunications operator Telecom Italia was fined for ‘an over aggressive marketing strategy’ in which millions of people were targeted with promotional calls, even those on non-contact and exclusion lists.
4. British Airways – €22 million ($26 million)
Hackers gained access to 400,000 customers’ login details, payment card information, and PI like travellers’ names and addresses, in a data breach that could have simply been avoided by using sufficient security measures such as multi-factor authentication. If MIRACL Trust had been deployed as part of customer account verification, this breach would have been avoided.
5. Marriott – €20.4 million ($23.8 million)
383 million guest records were exposed after the hotel chain’s guest reservation database was hacked. PI like guests’ names, addresses, passport numbers, and payment card information were exposed. Again, simple measures to protect customers’ data could easily have been used and the saga avoided.
MIRACL Trust® is a multi-factor verification system, used by high-profile organisations such as Credit Agricole and Experian, that utilises an ISO/IEC approved zero-knowledge technique, which means that the end user can prove to the authentication service that they know a secret without revealing that secret to the verifying party. No security-related information is stored on our servers or yours, which means that there is nothing for a hacker to steal. User authentication takes place on the device and is secure against database breaches and man-in-the-middle intercept attacks because no credentials are exchanged between clients and servers in whole form. It means that GDPR compliance is eliminated and the risk of an unwanted fine removed.
To reach out to MIRACL about potential partnership opportunities email Kate Ellerton on firstname.lastname@example.org