Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?



GDPR Fines Exceeded €170 Million in 2020

Fines issued for violations of the EU’s General Data Protection Regulation (GDPR) in 2020 exceeded €170 million, or roughly $200 million.

Fines issued for violations of the EU’s General Data Protection Regulation (GDPR) in 2020 exceeded €170 million, or roughly $200 million.

The GDPR, which requires organizations to protect the personal data and privacy of EU citizens, came into force in May 2018, and, based on publicly available information, it since resulted in fines totaling more than €250 million (roughly $300 million).

Due to the fact that not all fines are publicly reported and due to currency conversions it’s difficult to determine the exact total amount of GDPR fines. According to cloud management solutions provider CoreView, which keeps track of major GDPR fines, the total amount since 2018 is €288 million, of which approximately €103 million in 2019 and €184 million in 2020.

Financial analysis website Finbold, using data from, calculated that fines totaled €171.3 million in 2020. Based on this data, Italy paid the most fines, totaling €58 million, followed by the UK at €44 million and Germany at €37 million.

In terms of the number of fines in 2020, Spain is at the top with 128 fines, followed by Italy (34), Romania (26), Sweden (15), Belgium (13) and Norway (11).

Clothing retailer H&M got the biggest fine last year (€35 million), followed by Telecom Italia (€28 million), British Airways (€22 million), Marriott (€20 million), and Italian telecom operators Wind Tre (€17 million) and Vodafone Italia (€12 million).

2020 GDPR fines -- Credits:

Related: France Fines Google, Amazon 135 Mn Euros

Related: Swedish GDPR Fine Highlights Legal Challenges in Use of Biometrics

Advertisement. Scroll to continue reading.

Related: Web Hosting Firm Slapped With $10 Million GDPR Fine

Related: The Global Reach of GDPR

Related: GDPR Complaints Filed Against Eight International Streaming Companies

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights