As of February 2025, the largest fine issued for violation of the General Data Protection Regulation (GDPR) in the United Kingdom (UK) was more than 22 million euros, received by British Airways in October 2020. Another fine received by Marriott International Inc. in the same month was the second-highest in the UK and amounted to over 20 million euros.

A survey conducted in April and May 2023 revealed that around ** percent of the companies that do business in the European Union (EU) and the United Kingdom (UK) found it challenging to adapt to new or changing requirements of the General Data Protection Regulation (GDPR) or Data Protection Act 2018 (DPA). A further ** percent of the survey respondents said it was challenging to increase the budget because of the changes in the data privacy laws.

A survey conducted in April and May 2023 among companies that do business in the European Union and the United Kingdom (UK) found that over half of the respondents, 53 percent, felt very prepared for the General Data Protection Regulation (GDPR). A further 35 percent of the companies believed they were moderately prepared, while 10 percent said they were slightly ready to comply with the EU and UK privacy legislations.

Since the enforcement of the General Data Protection Regulation (GDPR) in May 2018, fines have been issued for several types of violations. As of February 2025, the most significant share of penalties was due to companies' non-compliance with general data processing principles. This violation has led to over 2.4 billion euros worth of fines.

This dataset is a central catalogue of Data Protection Impact Assessments (DPIAs) of smart city projects that collect personal information in public spaces. By publishing this in one place for the first time, it will enable public transparency and support good practice among operators. A DPIA helps to identify and minimise the risks of a project that uses personal data. Further information: DPIA registration form: https://www.london.gov.uk/dpia-register-form Information Commissioner DPIA: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/

Whilst this some of the requested information is held by the NHSBSA, we have exempted some of the figures under section 40(2) subsections 2 and 3(a) of the FOIA because it is personal data of applicants to the VDPS. This is because it would breach the first data protection principle as: a - it is not fair to disclose individual’s personal details to the world and is likely to cause damage or distress. b - these details are not of sufficient interest to the public to warrant an intrusion into the privacy of the individual. https://www.legislation.gov.uk/ukpga/2000/36/section/40 Information Commissioner Office (ICO) Guidance is that information is personal data if it ‘relates to’ an ‘identifiable individual’ regulated by the UK General Data Protection Regulation (UK GDPR) or the Data Protection Act 2018. The information relates to personal data of the VDPS claimants and is special category data in the form of health information. As a result, the claimants could be identified, when combined with other information that may be in the public domain or reasonably available. Online communities exist for those adversely affected by vaccines they have received. This further increases the likelihood that those may be identified by disclosure of this information. Section 40(2) is an absolute, prejudice-based exemption and therefore is exempt if disclosure would contravene any of the data protection principles. To comply with the lawfulness, fairness, and transparency data protection principle, we either need the consent of the data subject(s) or there must be a legitimate interest in disclosure. In addition, the disclosure must be necessary to meet the legitimate interest and finally, the disclosure must not cause unwarranted harm. The NHSBSA has considered this and does not have the consent of the data subjects to release this information and believes that it would not be possible to obtain consent that meets the threshold in Article 7 of the UK GDPR. The NHSBSA acknowledges that you have a legitimate interest in disclosure of the information to provide the full picture of data held by the NHSBSA; however, we have concluded that disclosure of the requested information would cause unwarranted harm and therefore, section 40(2) is engaged. This is because there is a reasonable expectation that patient data processed by the NHSBSA remains confidential, especially special category data. There are no reasonable alternative measures that could meet the legitimate aim. As the information is highly confidential and sensitive, it outweighs the legitimate interest in the information. Section 41 FOIA This information is also exempt under section 41 of the FOIA (information provided in confidence). This is because the requested information was provided to the NHSBSA in confidence by a third party - another individual, company, public authority or any other type of legal entity. In this instance, details have been provided by the claimants. For Section 41 to be engaged, the following criteria must be fulfilled:

Between 2018 and 2022, there has been a significant increase in the level of awareness around the General Data Protection Regulation (GDPR) among European users. In 2018, when the GDPR was first applied, the United Kingdom had the highest level of awareness, with 32 percent of respondents agreeing or strongly agreeing with the statement: "I am aware of the new General Data Protection Regulation (GDPR) that will be introduced in May 2018". In 2022, the share of UK respondents agreeing with the statement increased to 73 percent. France had the lowest level of awareness in 2018, 20 percent, whereas in 2022 it reached 47 percent but remained the lowest among other European markets.

BackgroundThe COVID-19 pandemic brought global disruption to health, society and economy, including to the conduct of clinical research. In the European Union (EU), the legal and ethical framework for research is complex and divergent. Many challenges exist in relation to the interplay of the various applicable rules, particularly with respect to compliance with the General Data Protection Regulation (GDPR). This study aimed to gain insights into the experience of key clinical research stakeholders [investigators, ethics committees (ECs), and data protection officers (DPOs)/legal experts working with clinical research sponsors] across the EU and the UK on the main challenges related to data protection in clinical research before and during the pandemic.Materials and methodsThe study consisted of an online survey and follow-up semi-structured interviews. Data collection occurred between April and December 2021. Survey data was analyzed descriptively, and the interviews underwent a framework analysis.Results and conclusionIn total, 191 respondents filled in the survey, of whom fourteen participated in the follow-up interviews. Out of the targeted 28 countries (EU and UK), 25 were represented in the survey. The majority of stakeholders were based in Western Europe. This study empirically elucidated numerous key legal and ethical issues related to GDPR compliance in the context of (cross-border) clinical research. It showed that the lack of legal harmonization remains the biggest challenge in the field, and that it is present not only at the level of the interplay of key EU legislative acts and national implementation of the GDPR, but also when it comes to interpretation at local, regional and institutional levels. Moreover, the role of ECs in data protection was further explored and possible ways forward for its normative delineation were discussed. According to the participants, the pandemic did not bring additional legal challenges. Although practical challenges (for instance, mainly related to the provision of information to patients) were high due to the globally enacted crisis measures, the key problematic issues on (cross-border) health research, interpretations of the legal texts and compliance strategies remained largely the same.

Unlock the Power of Behavioural Data with GDPR-Compliant Clickstream Insights.

Swash clickstream data offers a comprehensive and GDPR-compliant dataset sourced from users worldwide, encompassing both desktop and mobile browsing behaviour. Here's an in-depth look at what sets us apart and how our data can benefit your organisation.

User-Centric Approach: Unlike traditional data collection methods, we take a user-centric approach by rewarding users for the data they willingly provide. This unique methodology ensures transparent data collection practices, encourages user participation, and establishes trust between data providers and consumers.

Wide Coverage and Varied Categories: Our clickstream data covers diverse categories, including search, shopping, and URL visits. Whether you are interested in understanding user preferences in e-commerce, analysing search behaviour across different industries, or tracking website visits, our data provides a rich and multi-dimensional view of user activities.

GDPR Compliance and Privacy: We prioritise data privacy and strictly adhere to GDPR guidelines. Our data collection methods are fully compliant, ensuring the protection of user identities and personal information. You can confidently leverage our clickstream data without compromising privacy or facing regulatory challenges.

Market Intelligence and Consumer Behaviour: Gain deep insights into market intelligence and consumer behaviour using our clickstream data. Understand trends, preferences, and user behaviour patterns by analysing the comprehensive user-level, time-stamped raw or processed data feed. Uncover valuable information about user journeys, search funnels, and paths to purchase to enhance your marketing strategies and drive business growth.

High-Frequency Updates and Consistency: We provide high-frequency updates and consistent user participation, offering both historical data and ongoing daily delivery. This ensures you have access to up-to-date insights and a continuous data feed for comprehensive analysis. Our reliable and consistent data empowers you to make accurate and timely decisions.

Custom Reporting and Analysis: We understand that every organisation has unique requirements. That's why we offer customisable reporting options, allowing you to tailor the analysis and reporting of clickstream data to your specific needs. Whether you need detailed metrics, visualisations, or in-depth analytics, we provide the flexibility to meet your reporting requirements.

Data Quality and Credibility: We take data quality seriously. Our data sourcing practices are designed to ensure responsible and reliable data collection. We implement rigorous data cleaning, validation, and verification processes, guaranteeing the accuracy and reliability of our clickstream data. You can confidently rely on our data to drive your decision-making processes.

Data De-identification and Pseudonymity Software Market Outlook

The global data de-identification and pseudonymity software market is projected to grow significantly, reaching approximately USD 4.2 billion by 2032, driven primarily by increasing data privacy concerns and stringent regulatory requirements worldwide.

The primary growth factor in the data de-identification and pseudonymity software market is the surge in data breaches and cyber-attacks. With the exponential increase in data generation, organizations are more vulnerable to data breaches and unauthorized access. These security concerns have prompted businesses and governments to invest heavily in robust data protection solutions. Data de-identification and pseudonymity software provide a secure way to anonymize sensitive information, making it less susceptible to malicious activities. As data protection laws become more rigorous, the demand for such technologies will continue to rise, further propelling market growth.

Another significant factor contributing to market growth is the growing awareness and emphasis on data privacy among consumers. In recent years, consumers have become increasingly aware of how their data is being used and the potential risks associated with data misuse. This heightened awareness has put pressure on organizations to adopt comprehensive data protection measures. Data de-identification and pseudonymity software offer a means to protect personal information while still allowing organizations to utilize data for analytics and decision-making. This dual benefit is a key driver for the adoption of these technologies across various sectors.

Moreover, regulatory compliance is a crucial driver for the market. Regulations such as the General Data Protection Regulation (GDPR) in Europe, the Health Insurance Portability and Accountability Act (HIPAA) in the United States, and various other data protection laws worldwide mandate stringent measures for data protection. Non-compliance can result in hefty fines and legal repercussions. Therefore, organizations are increasingly adopting data de-identification and pseudonymity software to ensure compliance with these regulations. The need for regulatory compliance is expected to sustain market growth in the foreseeable future.

Regionally, North America currently dominates the global data de-identification and pseudonymity software market, accounting for the largest market share. This is attributed to the presence of major technology players, stringent data protection regulations, and high adoption rates of advanced technologies in the region. Europe follows closely, with significant market contributions from countries such as Germany, France, and the UK, driven by robust regulatory frameworks like GDPR. The Asia Pacific region is also expected to witness substantial growth, fueled by rapid digitalization, increasing cybersecurity threats, and growing awareness about data privacy in countries like China, India, and Japan.

Data Masking Tools play a pivotal role in enhancing the security framework of organizations by providing an additional layer of protection for sensitive information. These tools are designed to obscure specific data within a dataset, ensuring that unauthorized users cannot access or decipher the original information. As businesses increasingly rely on data-driven insights, the need for robust data masking solutions becomes more critical. By employing data masking tools, organizations can safely share data across departments or with third-party vendors without compromising privacy. This capability is especially beneficial in industries such as healthcare and finance, where data privacy is paramount. The integration of data masking tools with existing data protection strategies can significantly reduce the risk of data breaches and ensure compliance with regulatory standards.

Component Analysis

The data de-identification and pseudonymity software market can be segmented by component into software and services. The software segment is anticipated to hold the lion's share due to the increasing adoption of data protection solutions across various industries. Software solutions provide automated tools for anonymizing and pseudonymizing data, ensuring compliance with regulatory standards. These solutions are essential for organizations aiming to mitigate the risks associated with data breaches and unauthorized access. As cyber threats continue to evolve, the demand for advanced software solutions is exp

In September 2024, the Irish Data Protection Commission fined Meta Ireland 91 million euros after passwords of social media users were stored in 'plaintext' on Meta's internal systems rather than with cryptographic protection or encryption. In May 2023, the EU fined Meta 1.2 billion euros for violating laws on digital privacy and putting the data of EU citizens at risk through Facebook's EU-U.S. data transfers. European privacy legislation is seen as being far stricter than American privacy law, and the sending of EU citizens’ data to the United States resulted in the record breaking penalty being issued to the tech giant. In January 2023, after it was discovered that Meta Platforms had improperly required that users of Facebook, Instagram, and WhatsApp accept personalized adverts to use the platforms, the company was issued a 390 million euro fine by the European Commission. EU regulators claim that the social media giant broke the General Data Protection Regulation (GDPR) by including the demand in its terms of service. In addition, Meta was fined 405 million euros by the Irish Data Protection Commission (DPC) in September 2022 for violating Instagram's children's privacy settings. In November 2022, the DPC fined Meta a further 265 million euros for failing to protect their users from data scraping. GDPR violations in 2022 Social media sites and companies are not the only types of online services upon which users' data can potentially be compromised. In 2022, the online service with the biggest fine for violating GDPR was e-commerce and digital powerhouse Amazon, which was issued a 746 million euro fine. Furthermore, in December 2021, Google was penalized 90 million euros for GDPR violations. What are the most common GDPR violations? Since GDPR went into effect in May 2018, fines have been imposed for a variety of reasons. As of June 2022, companies' non-compliance with general data processing principles accounted for the largest share of fines, resulting in over 845 million euros worth of penalties. Insufficient legal basis for data processing was the second most common violation, amounting to 447 million euros in fines.

The UK cybersecurity insurance market, a segment within the broader global market valued at $1.35 billion in 2025 with a 13.40% CAGR, is experiencing robust growth driven by escalating cyber threats targeting businesses of all sizes. Increased frequency and severity of ransomware attacks, data breaches, and compliance failures are compelling organizations to prioritize cyber risk mitigation, fueling demand for comprehensive insurance coverage. The market is segmented by product type (packaged and standalone policies) and application type (banking & financial services, IT & telecom, healthcare, retail, and others). Major players like AIG, Allianz, Beazley, Hiscox, and Marsh dominate the landscape, offering a range of solutions tailored to specific industry needs. The UK market benefits from a sophisticated regulatory environment and a high level of digital adoption, further propelling insurance uptake. However, challenges remain, including the complexity of assessing and pricing cyber risks, a lack of standardized policies, and the potential for significant payouts in the event of major breaches. Given the global CAGR of 13.40% and the UK's prominent position in the global financial and technological sectors, the UK market is likely to experience growth exceeding the global average. Specific growth drivers for the UK include strong government initiatives promoting cybersecurity awareness and regulations like the GDPR, which increase the liability of companies failing to protect data. The rise of cloud computing and the Internet of Things (IoT) also contributes to increased vulnerabilities and higher insurance demand. The market's segmentation reflects the varied risk profiles across different sectors. For instance, the financial services sector will likely show higher insurance penetration due to stricter regulatory requirements and greater exposure to financial crimes. The competitive landscape indicates considerable investment and innovation in product development and risk management techniques, leading to more specialized and effective insurance solutions. Recent developments include: September 2023: Cowbell is committed to addressing cyber risk challenges on a global scale, and our expansion into the UK is a testament to this. Cowbell Prime One is tailored towards SME and mid-market customers and allows brokers to customize cyber policies for different risk exposures, such as email scams, ransomware, and social engineering., March 2023: Cyber insurance provider Coalition is set to enter the excess cyber insurance market in the United Kingdom to help protect businesses with enhanced coverage. The firm has confirmed that it will extend its reach to provide full-follow form coverage and protection of up to GBP 10 million (USD 12126000) above a primary layer of insurance from another insurer for both cyber and technology professional indemnity (PI) lines.. Key drivers for this market are: Data Privacy Regulations, Business Interruption. Potential restraints include: Data Privacy Regulations, Business Interruption. Notable trends are: Impact of Cyber Insurance Policy Coverage.

Key Features:

Extensive Global Coverage: Our database spans across multiple countries and industries, offering a diverse and extensive collection of decision makers. Reach out to key professionals worldwide and expand your business horizons.

Comprehensive Contact Details: Gain access to essential contact information, including names, job titles, email addresses, phone numbers, and company affiliations. Connect with the right individuals and nurture valuable business relationships.

GDPR Compliance: We prioritize data privacy and strictly adhere to the General Data Protection Regulation (GDPR) guidelines. Rest assured that our B2B Contact Database is GDPR compliant, ensuring the protection of personal and sensitive information.

A study conducted among *** websites in the UK showed that roughly ** percent of the websites was compliant with the General Data Protection Regulation (GDPR). The consent management platforms (CMP) displayed were in most cases not meeting the requirements of the EU law.

The Data Resiliency market is experiencing robust growth, projected to reach $16.65 billion by 2025 and maintain a Compound Annual Growth Rate (CAGR) of 18.5% from 2025 to 2033. This expansion is fueled by several key factors. The increasing frequency and severity of cyberattacks, coupled with stringent data privacy regulations like GDPR and CCPA, are driving organizations to prioritize data protection and recovery strategies. The rise of cloud computing, while offering scalability and flexibility, also introduces new vulnerabilities, thus boosting demand for robust data resiliency solutions. Furthermore, the growing adoption of digital transformation initiatives across various industries is generating massive amounts of data, making effective data management and resilience crucial for business continuity. The market is segmented by deployment (on-premises and cloud), with the cloud segment expected to witness faster growth due to its inherent scalability and cost-effectiveness. Competition is intensifying among leading companies, each employing various competitive strategies such as mergers and acquisitions, strategic partnerships, and product innovation to gain market share. North America currently holds a significant market share, driven by early adoption of advanced technologies and stringent regulatory frameworks. However, regions like APAC, particularly China and Japan, are exhibiting rapid growth potential due to increasing digitalization and investment in data infrastructure. The forecast period (2025-2033) presents significant opportunities for vendors offering innovative solutions that address the evolving data protection landscape. These include advanced backup and recovery solutions, data replication technologies, disaster recovery as a service (DRaaS), and robust security measures. While the market faces challenges such as high initial investment costs and complexity in implementing data resiliency strategies, the long-term benefits of preventing data loss and ensuring business continuity far outweigh the costs. The ongoing evolution of data storage technologies, coupled with the increasing sophistication of cyber threats, will continue to shape the market's trajectory, creating a dynamic environment for both established players and emerging companies.

Dataset on commits (and repositories) on GitHub making reference to data privacy legislation (covering laws: GDPR, CCPA, CPRA, UK DPA).

The dataset contains:
+ all_commits_info_merged-v2-SHA.csv : commits information as collected from various GitHub REST API calls (all data merged together).
+ repos_info_merged_USED-v2_with_loc.csv: repository information with some calculated data.
+ top-70-repos-commits-for-manual-check_commits-2coders.xlsx: results of the manual coding of the commits of the 70 most popular repositories in dataset.
+ user-rights-ω3.csv: different terms for user rights teriminology in legislation.
+ github_commits_analysis_replication.r: main analysis pipeline covering all RQs in the R programming language.

In order to perform also the initial data collection, the GitHub REST API can be used, collecting data using time intervals, for instance:
https://api.github.com/search/commits?q=%22GDPR%22+committer-date:2018-05-25..2018-05-30&sort=committer-date&order=asc&per_page=100&page=1

This dataset accompanies the following publication, so please cite it accordingly:

Georgia M. Kapitsaki, Maria Papoutsoglou, Evolution of repositories and privacy laws: commit activities in the GDPR and CCPA era, accepted for publication at Elsevier Journal of Systems & Software, 2025.

HitHorizons Employee Data API gives access to aggregated company data on 80M+ companies from the whole of Europe and beyond.

Company registration data: company name national identifier and its type registered address: street, postal code, city, state / province, country business activity: SIC code, local activity code with classification system year of establishment company type location type

Sales and number of employees data: sales in EUR, USD and local currency (with local currency code) total number of employees sales and number of employees accuracy local number of employees (in case of multiple branches) companies’ sales and number of employees market position compared to other companies in a country / industry / region

Industry data: size of the whole industry size of all companies operating within a particular SIC code benchmarking within a particular country or industry regional benchmarking (EU 27, state / province)

Contact details: company website company email domain (without person’s name)

Invoicing details available for selected countries: company name company address company VAT number

For step comparison, missing observation were deleted listwise, resulting in N = 1024.