3 years since rolling out in May 2018, there have been 661 GDPR fines issued by European data protection authorities. Every one of the 28 EU nations, plus the United Kingdom, has issued at least one GDPR fine.
While GDPR sets out the regulatory framework that all EU member states must follow, each state legislates independently and is allowed to interpret the regulations differently and impose their own fines to organizations that break the EU law.
Nations with the highest fines
- Italy: €76,217,601
- France: €54,661,300
- Germany: €49,186,833
- United Kingdom: €44,221,000
- Spain: €29,372,510
- Sweden: €12,332,430
- Netherlands:€ 5,012,500
- Bulgaria: €3,210,69
- Poland: €1,816,498
- Norway: €1,277,550
Nations with the most fines
- Spain: 222
- Italy: 73
- Romania: 54
- Hungary: 39
- Germany: 30
- Norway: 26
- Belgium: 25
- Czech Republic: 25
- Poland: 23
- Bulgaria: 20
Spain issued the largest number of GDPR fines by far – totaling 222 fines during the last 3 years since the GDPR is in effect. The second is Italy – far behind Spain – with just 73 fines. This again shows the significant discrepancy in regards to GDPR enforcement.
Spain and Italy are followed by Romania, issuing 54 fines and Hungary with 39 fines. After these, the number of fines issued by other countries drops sharply, with most other countries not issuing more than 10 fines total in the span of 3 years.
The largest GDPR fine in these three years was issued by French authorities in January 2019. This is followed by a fine in Germany of €32,258,708.
Highest fines issued to private individuals
- €20,000 issued to a private person in Spain for unlawful video surveillance of employees.
- €11,000 issued to a football coach in Austria who was found to be filming female players in the shower.
- €9,000 issued to a person in Spain for illegal video surveillance of employees.
- €2,500 issued to an individual in Germany who sent out emails to several persons, where each could see the other recipients’ email addresses.
- €2,200 issued to a person in Austria for having illegally filmed public areas using a personal CCTV system.
A GDPR tracking dashboard from Privacy Affairs displays official data from national data protection bodies to monitor the status of GDPR fines.
Source: HelpNetSecurity
Educating yourself and your employees with Cyber Security Awareness Training is the best way to start ensuring your business is protected from cyber-attacks.
Learn more about how The Cloud Consultancy can address and manage your businesses Cyber Security headaches. We can now provision boutique, pro-active, IT support services 24/7/365.