GDPR Fines Totalling €158 Million Issued in 340 Cases,
Jul 15, 2020,
Since rolling out in May 2018, there have been 340 GDPR fines issued by European data protection authorities.
Every one of the 28 EU nations, plus the United Kingdom, has issued at least one GDPR fine.
Nations with the highest fines:
Nations with the most fines:
Czech Republic: 13
UK organisations have been issued just seven fines, totalling over €640,000, by the Information Commissioner. The average penalty within the UK is €160,000. This does not include the potentially massive fines for Marriott International and British Airways that are still under review.
British Airways could face a fine of €204,600,000 for a data breach in 2019 that resulted in the loss of personal data of 500,000 customers.
Similarly, Marriott International suffered a breach that exposed 339 million people's data. The hotel group faces a fine of €110,390,200.
The largest GDPR fine to date was issued by French authorities to Google in January 2019. The €50 million was issued on the basis of "lack of transparency, inadequate information and lack of valid consent regarding ads personalisation."
Highest fines issued to Private individuals:
€20,000 issued to an individual in Spain for unlawful video surveillance of employees.
€11,000 issued to a soccer coach in Austria who was found to be secretly filming female players while they were taking showers.
€9,000 issued to another individual in Spain for unlawful video surveillance of employees.
€2,500 issued to a person in Germany who sent emails to several recipients, where each could see the other recipients' email addresses. Over 130 email addresses were visible.
€2,200 issued to a person in Austria for having unlawfully filmed public areas using a private CCTV system. The system filmed parking lots, sidewalks, a garden area of a nearby property, and it also filmed the neighbours going in and out of their homes