Fines issued for violations of the EU’s General Data Protection Regulation (GDPR) in 2020 exceeded €170 million, or roughly $200 million.
The GDPR, which requires organizations to protect the personal data and privacy of EU citizens, came into force in May 2018, and, based on publicly available information, it since resulted in fines totaling more than €250 million (roughly $300 million).
Due to the fact that not all fines are publicly reported and due to currency conversions it’s difficult to determine the exact total amount of GDPR fines. According to cloud management solutions provider CoreView, which keeps track of major GDPR fines, the total amount since 2018 is €288 million, of which approximately €103 million in 2019 and €184 million in 2020.
Financial analysis website Finbold, using data from enforcementtracker.com, calculated that fines totaled €171.3 million in 2020. Based on this data, Italy paid the most fines, totaling €58 million, followed by the UK at €44 million and Germany at €37 million.
In terms of the number of fines in 2020, Spain is at the top with 128 fines, followed by Italy (34), Romania (26), Sweden (15), Belgium (13) and Norway (11).
Clothing retailer H&M got the biggest fine last year (€35 million), followed by Telecom Italia (€28 million), British Airways (€22 million), Marriott (€20 million), and Italian telecom operators Wind Tre (€17 million) and Vodafone Italia (€12 million).
Related: The Global Reach of GDPR