Biggest GDPR Fines

Clients Rate Lawyers on our Platform 4.9/5 Stars
based on 4,069 reviews

Jump to Section

Need help with GDPR Compliance?

Post Project Now

GDPR fines have been a hot topic since the law’s European inception. To avoid incurring penalties, data controllers and processors should have the proper protocols and contracts in place, including data transfer agreements , data processing agreements , and data protection agreements .

In this article, we help you understand penalties surrounding GDPR violations, offer real-world examples, and show you how to calculate GDPR fines.

What is the Penalty for a GDPR Violation?

The penalties for a General Data Protection Regulation (GDPR) violation can result in up to twenty million euros or four percent of the company’s global annual revenue from the previous year, whichever number is higher. EU legislators impose fines for penalties to enforce data protection compliance.

You can learn more about the GDPR through this web page .

GDPR Fine Examples

It is hard to imagine the magnitude of how massive GDPR fines can grow. Since penalties are variable according to the number of records exposed and the severity of the breach, they can easily reach the multi-million dollar range. In the last few years, there have been several high-profile GDPR breach cases with alarmingly high fines.

Here is an explanation of nine GDPR fine examples below:

Example 1. Amazon: $877 Million

Amazon received a massive GDPR fine. The violation relates to the companies cookie policy and consent procedures. This GDPR fine is not the first received by Amazon as they faced a $40,000 fine at the tail-end of 2020.

Example 2. Google: $56.6 Million

In 2019, Google received its fine in March 2020 and was the largest on record until the Amazon violation. They were fined for how Google communicated privacy policies to users. In this case, Google should have offered end-users more information in their privacy policy and user agreement .

Example 3. H & M: $41 million

German authorities fined H & M around $41 million for employee data violations. H & M did not take proper precautions to protect employee days off and unnecessarily shared videos of meetings with 50 other H & M managers. These meetings were used to make decisions about the employee’s performance without their knowledge or consent.

Example 4. British Airways: $26 million

British Airways received a GDPR fine related to a 2018 incident. Their fine was the result of a breached computer system that affected over 400,000 customers. Customer information, payment details, and log-in information were exposed at the time of the breach.

Example 5. Marriott: $23.8 million

After a database breach, Marriott hotels exposed 383 million guest records, and hackers obtained all collected customer information. The company could have avoided the fine if they had paid due diligence after acquiring Starwood Hotels.

Example 6. Google: $8.3 million

Google received another fine in 2020 for a GDPR violation. Sweden fined Google for failing to remove search result listings under the right to be forgotten principle. The search provider should have honored this right by ensuring that a process was available to respond to erasure requests without unnecessary delay.

Example 7. Fastweb: $5.5 million

This Italian telecommunications company received a massive fine in 2021 after engaging in telemarketing without obtaining consumer consent. The company was using fake or false telephone numbers that were not registered with communication operators, and Fastweb should have obtained consumer consent beforehand since this standard is very high.

Example 8. Bulgaria’s National Revenue Agency: $3 million

Bulgaria’s National Revenue Agency received a fine after a data breach affected five million people. The information leaked included names, contact details, and tax information. The agency failed to take proactive and effective technological measures to protect the data in its control.

All GDPR penalties are paid to the Information Commissioner’s Office (ICO) and into a government fund owned by the treasury. GDPR fines are utilized to fund public resources and services, and most European nations use the structure.

This article also contains examples of GDPR fines.

Meet some lawyers on our platform

Ralph S.

2 projects on CC
View Profile

Gregory F.

4 projects on CC
View Profile

Daniel R.

12 projects on CC
View Profile

Richard N.

93 projects on CC
View Profile

How are GDPR Fines Calculated?

GDPR fines are calculated in generally the same manner as described in this article. However, several factors influence the total fine amount, including company size, size class, subcategory, average annual turnover, and the facts and circumstances of the violation. You should always work with a legal professional to help you determine if the GDPR fine you are receiving is fair and how to protect unfair or incorrect amounts.

Here are five steps for calculating GDPR fines:

Step 1. Categorize Your Company’s Size

Start by categorizing your company’s size. You can find your GDPR size class and subcategories through the GDPR website for more information.

Step 2. Account for Your Average Annual Turnover

After locating your company’s subgroup, determine the average annual turnover to which your company belongs. If your annual turnover exceeds 500 million euros, the maximum fine of two or four percent should be applied to your situation.

Step 3. Divide Your Average Annual Turnover by 360

In this next step, you will divide your average annual turnover by 360. This calculation determines the fine’s basic economic value.

Step 4. Classify the Basic Value Factor

Take the number from step three and classify the basic value factor. This number is defined as the severity of your offense. Determination of your basic value factor is based on concrete facts and circumstances and listed as light, medium, severe, or very severe.

Step 5. Adjust the Calculation

Finally, you will want to take your calculated amount and adjust it for the circumstances both in favor of and against the tortfeasor. Typically, these circumstances surround offense-related details, such as proceeding length and company insolvency. Depending upon the facts and circumstances, there could be reductions or increases that apply to your final number.

For greater clarity on calculating a GDPR fine, you can use the following formula to help:

Average annual turnover x Basic value factor = Amount of fine

It is not always easy to calculate a GDPR violation without professional help. Here is a web page that discusses penalties for GDPR violations.

Maximum Fine for Breach of GDPR

The maximum fine for a breach of the GDPR is 20 million euros or four percent of the preceding year’s revenues. A company will receive a penalty that is the greater of the two numbers. However, not every violation results in a data protection fine.

There is a wide range of other actions that they can take against offending companies, including:

  • Issuing reprimands and warnings
  • Temporarily or permanently banning data processing rights
  • Ordering the restriction or erasure of personally identifiable information (PII)
  • Rescinding data transfer rights to other countries

There are a host of penalties that the GDPR can impose. Check out this article for examples of GDPR breach costs.

Can an Individual be Fined for GDPR Breach?

Yes, an individual can be fined for a GDPR breach if they engage in a legitimate business. Otherwise, the violation falls under criminal activity and subsequent legal charges. If you have questions about whether you could be fined for a GDPR breach, speak with GDPR compliance lawyers to apply the law to your situation.

GDPR compliance is essential when soliciting Europeans and collecting their information. Otherwise, severe fines and penalties are on the line, not to mention the damage to your brand and intellectual property. Privacy lawyers in your state will help you understand the rules provided in the GDPR and how to structure your agreements so that they meet the requirements.

How ContractsCounsel Works
Hiring a lawyer on ContractsCounsel is easy, transparent and affordable.
1. Post a Free Project
Complete our 4-step process to provide info on what you need done.
2. Get Bids to Review
Receive flat-fee bids from lawyers in our marketplace to compare.
3. Start Your Project
Securely pay to start working with the lawyer you select.

Meet some of our Lawyers

Joseph L. on ContractsCounsel
View Joseph
5.0 (13)
Member Since:
July 25, 2021

Joseph L.

Free Consultation
Get Free Proposal
40 Yrs Experience
Licensed in CT
Southwestern University School of Law

Mr. LaRocco's focus is business law, corporate structuring, and contracts. He has a depth of experience working with entrepreneurs and startups, including some small public companies. As a result of his business background, he has not only acted as general counsel to companies, but has also been on the board of directors of several and been a business advisor and strategist. Some clients and projects I have recently done work for include a hospitality consulting company, a web development/marketing agency, a modular home company, an e-commerce consumer goods company, an online ordering app for restaurants, a music file-sharing company, a company that licenses its photos and graphic images, a video editing company, several SaaS companies, a merchant processing/services company, a financial services software company that earned a licensing and marketing contract with Thomson Reuters, and a real estate software company.

Harry S. on ContractsCounsel
View Harry
5.0 (1)
Member Since:
July 27, 2021

Harry S.

Free Consultation
Get Free Proposal
9 Yrs Experience
Licensed in NY

Stirk Law is a law firm based in London that advises on dispute resolution, commercial and corporate arrangements, employment and private wealth. We are experts in our areas and experienced in advising on complex and high value matters in the UK and internationally. We have extensive onshore and offshore experience across a variety of areas such as the administration of trusts together with complex fraud and trust disputes. Our expertise includes the conduct of significant and high-value cases valued at up to in excess of £1 billion over a combined 40 years of legal practice in England, Jersey and Guernsey. As well as having a large international network, we work closely with a corporate investigations and risk advisory business based in London and Vienna. Together we can deliver a holistic service for cases involving fraud, dissipation of assets or other illegal activity.

Talin H. on ContractsCounsel
View Talin
5.0 (1)
Member Since:
July 29, 2021

Talin H.

Free Consultation
Get Free Proposal
14 Yrs Experience
Licensed in IL
DePaul College of Law

Talin has over a decade of focused experience in business and international law. She is fiercely dedicated to her clients, thorough, detail-oriented, and gets the job done.

Craig M. on ContractsCounsel
View Craig
5.0 (3)
Member Since:
August 2, 2021

Craig M.

Free Consultation
Get Free Proposal
7 Yrs Experience
Licensed in ME
New York Law School

I have been practicing law for more than 4 years at a small firm in York County, Maine. I recently decided to hang my shingle, Dirigo Law LLC. My practice focuses mostly on Real Estate / Corporate transactions, Wills, Trusts, and Probate matters.

Melissa G. on ContractsCounsel
View Melissa
5.0 (1)
Member Since:
August 5, 2021

Melissa G.

Owner/Managing Member
Free Consultation
Get Free Proposal
19 Yrs Experience
Licensed in DC, IL, OH
University of Michigan

Melissa Green recently opened her own law firm which focuses on providing general counsel subscription services (think of it as your attorney "on-call"), business formation services, and contract services (including review and mark-up, custom contracts, templates, and negotiation assistance). Prior to opening her own firm, Melissa joined the American Medical Association (AMA) as an Assistant General Counsel in November 2019. In her role at the AMA, Melissa supported the CPT and Masterfile licensing programs, in addition to supporting the legal needs of the Professional Satisfaction and Practice Sustainability business unit. Prior to arriving at the AMA, Melissa was the Chief Legal Counsel and Privacy Officer at The Chartis Group, a healthcare advisory services and analytics company, headquartered in Chicago, where she was responsible for commercial transactions for Chartis and its wholly owned SaaS company, and also served as the organization’s privacy officer responsible for HIPAA compliance. Melissa started her legal career in Cincinnati, Ohio at the law firm of Frost Brown Todd where she served as an associate in the Corporate department doing healthcare transactions, securities, and general corporate work. In 2007, Melissa transitioned into her first in-house counsel role at GE Aviation. During her time at GE, she had many roles including supporting new engine sales transactions for the Europe/Middle East/Africa region, its Electric Power business located in Dayton, its Engine Services business (supporting the CF34 and CF6 engine lines), and compliance. Upon leaving GE, Melissa had a brief stint at MedStar in Virginia before accepting a full-time position at the University of Maryland Medical System in Baltimore, Maryland in July 2013. Originally from East Lansing, Michigan, Melissa received her bachelor’s graduate from Michigan State University’s – James Madison College and is a graduate of the University of Michigan Law School.

Yaser M. on ContractsCounsel
View Yaser
Member Since:
July 21, 2021

Yaser M.

Self Employed
Free Consultation
Get Free Proposal
13 Yrs Experience
Licensed in TX
University of London

I have practiced law in foreign jurisdiction for more than 11 years and more than one year in Texas. I am Texas licensed attorney. Practice areas include Corporate: incorporation of business entities, drafting of operating agreements, by-laws, and business contracts; Commercial: business disputes, demand letters, cease and desist lettera, dealing with insurance companies, negotiations, settlements of disputes, commercial real estate, and business litigation Litigation: business disputes, personal injury, civil rights, cross-border matters, maritime matters, drafting of litigation pleadings, motion practice, legal research, white-collar defense.

Stanley K. on ContractsCounsel
View Stanley
Member Since:
July 29, 2021

Stanley K.

Corporate Attorney
Free Consultation
Get Free Proposal
Waltham, MA
29 Yrs Experience
Licensed in CA, MA, TX
University of Texas School of Law

Stan provides legal services to small to medium-sized clients in the New England region, and throughout the U.S. and abroad. His clients are involved in a variety of business sectors, including software development, e-commerce, investment management and advising, health care, manufacturing, biotechnology, telecommunications, retailing, and consulting and other services. Stan focuses on the unique needs of each of his clients, and seeks to establish long term relationships with them by providing timely, highly professional services and practical business judgment. Each client's objectives, business and management styles are carefully considered to help him provide more focused and relevant services. Stan also acts as an outsourced general counsel for some of his clients for the general management of their legal function, including the establishment of budgets, creation of internal compliance procedures, and the oversight of litigation or other outside legal services.

Sam W. on ContractsCounsel
View Sam
Member Since:
July 30, 2021

Sam W.

Entertainment attorney
Free Consultation
Get Free Proposal
Los Angeles
9 Yrs Experience
Licensed in CA
Columbus School of Law, The Catholic University of America

Entertainment attorney and film producer. Counsel clients on all matter of entertainment-related contracts, including talent representation, crew deals, financing agreements, and production legal. Former litigation attorney and owner of a documentary and scripted film and television production company. Well versed in small business foundation and general business contracts.

Robert D. on ContractsCounsel
View Robert
Member Since:
August 3, 2021

Robert D.

Solo Practitioner
Free Consultation
Get Free Proposal
Cincinnati, OH
29 Yrs Experience
Licensed in DC, NY
University North Carolina Chapel Hill School of Law

Robert is a skilled corporate lawyer, licensed to practice law in NY and DC. He has over 25 years of experience, with a focus on Venture Capital, Private Equity, M&A, General Business Law and Company Formation. Robert brings business side experience to every legal transactions. This allows him to shape a client's legal needs around its business goals to drive success in an effective and efficient manner.

Tim M. on ContractsCounsel
View Tim
Member Since:
August 3, 2021

Tim M.

Managing Partner
Free Consultation
Get Free Proposal
Cambridge, MA
25 Yrs Experience
Licensed in MA, NY
Boston College Law School

Tim has 20 years of experience representing a wide variety of emerging and established companies in the technology, software, bitcoin and professional services industries. He works directly with his clients’ executives and boards of directors on corporate, intellectual property, and securities law issues. Recently, Tim has advised clients on Series A and Series B financings, corporate structuring, complex video licensing agreements, and structuring new hedge funds. Tim previously served as Forrester Research, Inc.’s General Counsel and Secretary where he was chief legal officer, led the company’s legal group, and managed the company’s legal and regulatory affairs. Tim played an integral role in the company’s initial public offering in 1997 and coordinated its secondary offering in 2000. He directed the legal process in the company’s acquisitions of Giga Information Group, Inc., Fletcher Research and Forit GmbH and oversaw over $125million in transactions. He also managed the company’s intellectual property assets. Tim is admitted to practice in Massachusetts and New York. Tim holds a Juris Doctor degree from the Boston College Law School and a Bachelor of Arts degree from Trinity College

Spencer W. on ContractsCounsel
View Spencer
Member Since:
August 4, 2021

Spencer W.

Free Consultation
Get Free Proposal
New York
12 Yrs Experience
Licensed in NY
Columbia Law School

I’m a New York based attorney with substantial experience in media and art law, corporate structuring and commercial contracts. For the past several years, I have been advising startups and new business on their legal needs, with a special focus on tech and entertainment.

Find the best lawyer for your project

Browse Lawyers Now

Want to speak to someone?

Get in touch below and we will schedule a time to connect!

Request a call