GDPR fines are designed to make non-compliance around data security a costly mistake, and they fall into two tiers. Less severe infringements can result in a fine of €10 million or 2% of a firm’s annual revenue from the preceding financial year, whichever is higher. More serious violations can result in a fine of up to €20 million or 4% of a firm’s annual revenue from the preceding year, whichever is higher.
Both the uptick in violations and the record-breaking fines levied in 2021 highlight a growing lack of consent and transparency. Despite that worrying trend, it has been reassuring to see European regulators actively enforcing the law and imposing fines at a rate never seen before. Before 2021, the largest fine on record was levied in 2019 when Google was penalised €50 million for how it communicated privacy to its users as well as various data processing offences. As can be seen above, that sum has been dwarfed by both Amazon and WhatsApp this year. It’s going to be very interesting to see how the trend evolves in 2022.