In the six years that the European Union’s General Data Protection Regulation (GDPR) has been in force, €4.5 billion ($4.9 billion) in fines have been paid due to violations.
Research by NordLayer has revealed individual data protection authorities have issued 2,072 violations, highlighting that the regulation is being taken seriously and companies failing to adhere to the new measures are being punished.
Since its inception in May 2018, GDPR has significantly influenced data protection and privacy practices, however for many consumers, it has also added another layer of complexity.
GDPR fines prove companies are being penalized
Spain, Italy and Germany top the list for GDPR violations. Spanish businesses were the most frequently penalized, with 842 fines totaling €80 million. Despite receiving less than half the number of fines than Spain, Italy paid out around three times as much in fines, suggesting a higher average magnitude across the board. German companies were fined 186 times, resulting in €55 million in penalties.
Carlos Salas, a NordLayer cybersecurity expert, noted: “We've witnessed businesses across industries change their data handling practices and invest in security measures to achieve compliance… [GDPR] has reshaped the digital landscape, forcing a much-needed prioritization of privacy rights.”
Meta, responsible for six of the top 10 fines, was the most penalized company. Between the parent company and its Facebook and WhatsApp subsidiaries, it paid out €2.5 billion in fines, accounting for more than half of all the financial penalties.
Its biggest, a €1.2 billion fine for insufficient legal basis for data processing in 2023, far exceeded the second-biggest fine – a €746 million penalty given to Amazon. Other companies in the top 10 included TikTok and Google, with only one firm falling outside of the Big Tech category – Italy’s Enel Energia.
Salas summarized: “Data protection regulations evolve, and cyber threats become more sophisticated, so businesses must remain proactive in their data privacy and security approach.”
More from TechRadar Pro
- VPN privacy: more than 70% of providers are breaching GDPR
- We’ve rounded up a list of the best identity theft protection services
- Protect your online activity by using the best VPNs and the best privacy tools and anonymous browsers
