More than 600 fines imposed in the first three years of GDPR Enforcement Tracker


This is evident from figures from the CMS.Law GDPR Enforcement Tracker and the GDPR Fines Tracker from Privacy Affairs. According to the GDPR Enforcement Tracker, this involves 636 fines with a total amount of more than 283 million euros. The GDPR Fines Tracker amounts to 661 fines with a total amount of more than 292 million euros.


Most GDPR fines were handed out by the Spanish privacy regulator AEPD, namely 223. The Italian data protection authority is responsible for the highest total amount with a total amount of more than 76 million euros. The Dutch Data Protection Authority has imposed a total of twelve fines since 25 May 2018.


Top 5 GDPR fines in the EU

A fine of up to 20 million euros or four percent of the total worldwide annual turnover, whichever is more, can be imposed for violating the GDPR. Below is an overview of the five highest GDPR fines in the past three years and by which country the fine was imposed.


Google - 50 million euros (France)

  1. H&M Hennes & Mauritz Online Shop - 35 million euros (Germany)
  2. Telecom company TIM - 27.8 million euros (Italy)
  3. British Airways - EUR 22 million (United Kingdom).
  4. Marriott International - 20.4 million euros (United Kingdom)

Previous Post Next Post