GDPR fines are designed to make non-compliance around data security a costly mistake and they can be separated into two tiers. Less severe infringements can result in a fine of €10 million or 2% of a firm’s annual revenue from the preceding financial year, depending on which amount is higher. More serious violations can result in a fine of up to €20 million or 4% of a firm’s annual revenue from the preceding year, depending on what is higher.
Both the uptick in violations and the mammoth fines levied in recent years highlight a growing lack of consent and transparency. Despite that worrying trend, it has been reassuring to see European regulators actively enforcing the law and imposing fines at a rate never seen before. Before 2021, the largest fine on record was levied in 2019, when Google was penalised €50 million for how it communicated privacy to its users as well as for various data processing offences. That sum was dwarfed by Amazon’s record €746 million fine in July 2021, and multiple penalties since then have also run into hundreds of millions of euros. It’s going to be interesting to see just how high the fines are going to get in 2023.