General Data Protection Regulation (GDPR) established by the European Union is a formidable legal framework designed to regulate the processing and transfer of personal data across member states.
According to the data analyzed by the Atlas VPN team, companies had to pay over €1.5 billion in GDPR fines through the first half of 2023. On May 25th, GDPR celebrated its 5th anniversary. Throughout this time, businesses received 1679 fines combining to a sum of nearly €4 billion.
January and May were particularly noteworthy, with nearly €400 million and €1.2 billion in fines, respectively. Interestingly, both months saw fines issued against Meta Platforms which control Facebook, Instagram, WhatsApp, and other apps.
Although March only saw €1.5 million in fines, it was the month when businesses received the most penalties for data violations, with a total of 46 penalties issued.
February was the month with the least amount of fines issued in H1 2023, with only 34 fines accounting for €2.6 million in penalties. Overall, businesses received 237 fines throughout the first half of 2023.
Cybersecurity writer at Atlas VPN, Vilius Kardelis, shares his thoughts on GDPR enforcement: “The GDPR fines are significantly impacting how businesses operate and handle data. Companies must prioritize data privacy and security to avoid potential fines and reputational damage. As we move forward, companies must continue investing in their data protection strategies and staying informed about any updates or changes to the GDPR.”
Countries with most GDPR violations
As we delve into the topic of countries with the most GDPR violations, it’s important to note that no country is immune to data privacy issues. However, some countries have had more violations than others.
Since the start of GDPR, Spain has accumulated 689 fines resulting in over €60 million in penalties. While the average of each fine is about €88K, Spanish businesses received more than 2 times the amount of fines than any other country.
Italy’s data protection authorities have issued 284 fines, totaling €133 million in penalties. The average fine here is about €468K. Germany has received the third-highest number of violations, totaling 160. These fines have resulted in penalties of €55 million.
Romania is the last country whose authorities have issued over 100 fines in the 5 years of GDPR’s existence. In addition, Romania has a very low average penalty of only €5390. Greece stands out from the rest of the countries with a high average per fine of €525K.