The GDPR enforcement fines at glance

The General Data Protection Regulation (GDPR) came into force in 2018. After this enforcement, many fines have already been imposed by national data protection authorities in Europe. This paper examines the individual GDPR articles referenced in the enforcement decisions, as well as predicts the amount of enforcement fines with available meta-data and text mining features extracted from the enforcement decision documents. According to the results, three articles related to the general principles, lawfulness, and information security have been the most frequently referenced ones. Although the amount of fines imposed vary across the articles referenced, these three particular articles do not stand out. Furthermore, a better statistical evidence is available with other meta-data features, including information about the particular European countries in which the enforcements were made. Accurate predictions are attainable even with simple machine learning techniques for regression analysis. Basic text mining features outperform the meta-data features in this regard. In addition to these results, the paper reflects the GDPR’s enforcement against public administration obstacles in the European Union (EU), as well as discusses the use of automatic decision-making systems in judiciary. •The General Data Protection Regulation (GDPR) came into force in 2018.•This paper examines the recent GDPR enforcement fines.•Principles, lawfulness, and security justify the majority of enforcements.•The fines imposed vary across the articles referenced in the enforcements.•The enforcement fines can be predicted accurately with text mining features.