According to the data presented by the Atlas VPN team, GDPR fines hit more than €1 billion, with 412 total penalties issued in 2021. In addition, companies like Amazon and WhatsApp had to pay off the most significant penalties for violating GDPR laws.
In 2018, when the EU implemented the GDPR law, a total of €436k in fines were issued to businesses. Next year, in 2019, the sum of total fines increased significantly to €72 million.
In 2020, the total worth of fines administered reached over €171 million by the end of the year. However, 2021 blew out past years by a significant margin, accumulating more than €1 billion in GDPR fines, a 521% increase compared to last year.
In July 2021, Amazon Europe Core S.à.r.l incurred the highest fine of €746 million. Later on, in September, the EU fined WhatsApp Ireland Ltd. €225 million, the second biggest penalty in GDPR history.
Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on GDPR benefits to EU citizens: “GDPR continues to successfully hold businesses accountable when they misuse people’s data or are ambiguous about their privacy policies. Companies became more responsible when handling their client information to avoid hefty fines from regulators, ultimately benefiting every EU citizen.”
GDPR fines comparison among countries
In some countries, updated privacy laws affected businesses significantly as they were fined appropriately under the new system.
- Spainhas accumulated 351 fines, resulting in €36.7 million worth of penalties. While the average penalty rounds to about €105K, Spain has gathered the most fines by far, compared to any other country.
- Italystands second on the list with 101 fines, which required businesses to pay nearly €90 million. The average penalty in Italy is about €887K, which stands out as one of the largest compared to other countries.
- Romaniaranks third on the list as it has imposed a total of 68 sanctions that sum up to €721K in fines. Even though they have issued many penalties, the average falls short of €11K.
- Hungaryand Norway follow fourth and fifth on the list with 45 and 40 sanctions since 2018, respectively. While Hungarian companies had to pay €828K in fines, Norwegian businesses racked up a total of nearly €9 million in mandated payments.
GDPR continues to successfully hold businesses accountable when they misuse people’s data or are ambiguous about their privacy policies. Companies became more responsible when handling their client information to avoid hefty fines from regulators, ultimately benefiting every EU citizen.