Biggest GDPR Fines

Jump to Section

Need help with GDPR Compliance?

Post Project Now

GDPR fines have been a hot topic since the law’s European inception. To avoid incurring penalties, data controllers and processors should have the proper protocols and contracts in place, including data transfer agreements , data processing agreements , and data protection agreements .

In this article, we help you understand penalties surrounding GDPR violations, offer real-world examples, and show you how to calculate GDPR fines.

What is the Penalty for a GDPR Violation?

The penalties for a General Data Protection Regulation (GDPR) violation can result in up to twenty million euros or four percent of the company’s global annual revenue from the previous year, whichever number is higher. EU legislators impose fines for penalties to enforce data protection compliance.

You can learn more about the GDPR through this web page .

GDPR Fine Examples

It is hard to imagine the magnitude of how massive GDPR fines can grow. Since penalties are variable according to the number of records exposed and the severity of the breach, they can easily reach the multi-million dollar range. In the last few years, there have been several high-profile GDPR breach cases with alarmingly high fines.

Here is an explanation of nine GDPR fine examples below:

Example 1. Amazon: $877 Million

Amazon received a massive GDPR fine. The violation relates to the companies cookie policy and consent procedures. This GDPR fine is not the first received by Amazon as they faced a $40,000 fine at the tail-end of 2020.

Example 2. Google: $56.6 Million

In 2019, Google received its fine in March 2020 and was the largest on record until the Amazon violation. They were fined for how Google communicated privacy policies to users. In this case, Google should have offered end-users more information in their privacy policy and user agreement .

Example 3. H & M: $41 million

German authorities fined H & M around $41 million for employee data violations. H & M did not take proper precautions to protect employee days off and unnecessarily shared videos of meetings with 50 other H & M managers. These meetings were used to make decisions about the employee’s performance without their knowledge or consent.

Example 4. British Airways: $26 million

British Airways received a GDPR fine related to a 2018 incident. Their fine was the result of a breached computer system that affected over 400,000 customers. Customer information, payment details, and log-in information were exposed at the time of the breach.

Example 5. Marriott: $23.8 million

After a database breach, Marriott hotels exposed 383 million guest records, and hackers obtained all collected customer information. The company could have avoided the fine if they had paid due diligence after acquiring Starwood Hotels.

Example 6. Google: $8.3 million

Google received another fine in 2020 for a GDPR violation. Sweden fined Google for failing to remove search result listings under the right to be forgotten principle. The search provider should have honored this right by ensuring that a process was available to respond to erasure requests without unnecessary delay.

Example 7. Fastweb: $5.5 million

This Italian telecommunications company received a massive fine in 2021 after engaging in telemarketing without obtaining consumer consent. The company was using fake or false telephone numbers that were not registered with communication operators, and Fastweb should have obtained consumer consent beforehand since this standard is very high.

Example 8. Bulgaria’s National Revenue Agency: $3 million

Bulgaria’s National Revenue Agency received a fine after a data breach affected five million people. The information leaked included names, contact details, and tax information. The agency failed to take proactive and effective technological measures to protect the data in its control.

All GDPR penalties are paid to the Information Commissioner’s Office (ICO) and into a government fund owned by the treasury. GDPR fines are utilized to fund public resources and services, and most European nations use the structure.

This article also contains examples of GDPR fines.

Meet some lawyers on our platform

Max M.

7 projects on CC
View Profile

Forest H.

40 projects on CC
View Profile

Scott S.

1 project on CC
View Profile

Sarah K.

11 projects on CC
View Profile

How are GDPR Fines Calculated?

GDPR fines are calculated in generally the same manner as described in this article. However, several factors influence the total fine amount, including company size, size class, subcategory, average annual turnover, and the facts and circumstances of the violation. You should always work with a legal professional to help you determine if the GDPR fine you are receiving is fair and how to protect unfair or incorrect amounts.

Here are five steps for calculating GDPR fines:

Step 1. Categorize Your Company’s Size

Start by categorizing your company’s size. You can find your GDPR size class and subcategories through the GDPR website for more information.

Step 2. Account for Your Average Annual Turnover

After locating your company’s subgroup, determine the average annual turnover to which your company belongs. If your annual turnover exceeds 500 million euros, the maximum fine of two or four percent should be applied to your situation.

Step 3. Divide Your Average Annual Turnover by 360

In this next step, you will divide your average annual turnover by 360. This calculation determines the fine’s basic economic value.

Step 4. Classify the Basic Value Factor

Take the number from step three and classify the basic value factor. This number is defined as the severity of your offense. Determination of your basic value factor is based on concrete facts and circumstances and listed as light, medium, severe, or very severe.

Step 5. Adjust the Calculation

Finally, you will want to take your calculated amount and adjust it for the circumstances both in favor of and against the tortfeasor. Typically, these circumstances surround offense-related details, such as proceeding length and company insolvency. Depending upon the facts and circumstances, there could be reductions or increases that apply to your final number.

For greater clarity on calculating a GDPR fine, you can use the following formula to help:

Average annual turnover x Basic value factor = Amount of fine

It is not always easy to calculate a GDPR violation without professional help. Here is a web page that discusses penalties for GDPR violations.

Maximum Fine for Breach of GDPR

The maximum fine for a breach of the GDPR is 20 million euros or four percent of the preceding year’s revenues. A company will receive a penalty that is the greater of the two numbers. However, not every violation results in a data protection fine.

There is a wide range of other actions that they can take against offending companies, including:

  • Issuing reprimands and warnings
  • Temporarily or permanently banning data processing rights
  • Ordering the restriction or erasure of personally identifiable information (PII)
  • Rescinding data transfer rights to other countries

There are a host of penalties that the GDPR can impose. Check out this article for examples of GDPR breach costs.

Can an Individual be Fined for GDPR Breach?

Yes, an individual can be fined for a GDPR breach if they engage in a legitimate business. Otherwise, the violation falls under criminal activity and subsequent legal charges. If you have questions about whether you could be fined for a GDPR breach, speak with GDPR compliance lawyers to apply the law to your situation.

GDPR compliance is essential when soliciting Europeans and collecting their information. Otherwise, severe fines and penalties are on the line, not to mention the damage to your brand and intellectual property. Privacy lawyers in your state will help you understand the rules provided in the GDPR and how to structure your agreements so that they meet the requirements.

How ContractsCounsel Works
Hiring a lawyer on ContractsCounsel is easy, transparent and affordable.
1. Post a Free Project
Complete our 4-step process to provide info on what you need done.
2. Get Bids to Review
Receive flat-fee bids from lawyers in our marketplace to compare.
3. Start Your Project
Securely pay to start working with the lawyer you select.

Meet some of our Lawyers

ContractsCounsel verified
12 years practicing
Free Consultation

Pico & Kooker provides hands on legal advice in structuring, drafting, negotiating, interpreting, managing and enforcing complex high value commercial transactions. Adept at navigating complex environments, Jonathan has extensive expertise advising clients on a wide range of long- and medium-term cross border and financial engagements, including public tender participation, PPPs, export sales agreements as well as policy and regulatory formulation. Jonathan and his co-founder, Eva Pico have represented and acted on behalf of lenders, global corporations and other market participants across a range of industries including financial services, infrastructure and transportation. As outside counsel, Pico & Kooker, has developed a strong rapport and working relationship with their clients and appropriately work with their in-house teams to increase consistency, processes and procedures. The company employs a unique approach as practical, business minded outside legal counsel who believe in proactively partnering with their clients to achieve desired results while managing and engaging key stakeholders. They listen to their clients to develop customized solutions that best meet their needs while aligning with their objectives, vision and values. Some representative transactions include advising the World Bank on project finance and portfolio options to address the costs and risks associated with integrating renewable power sources. Also advising them as legal counsel, Jonathan developed policies, regulation and models for emerging market governments entering into public-private partnerships. In addition to his work with the World Bank, Jonathan has worked with some of the world’s largest consulting firms, financial institutions and governmental organizations, including the United Nations, the governments of the US, UK and select African countries. Through out his career, he has worked with large, multinational corporations both by consulting in-house and acting as outside counsel on large cross-border transactions. He graduated from Georgetown University’s law school and was admitted practice as a lawyer in New York, England and Wales and, as a foreign lawyer, in Germany. He has written several articles for trade journals and has been cited by several business publications in worldwide. Jonathan is a native English speaker and has high proficiency in German and a functional understanding of Spanish.

ContractsCounsel verified
Founding Attorney
1 year practicing
Free Consultation

I am a solo practitioner and the founding attorney at Uzay Law, PLLC, which provides legal services in O non-immigrant visas, EB-1 and EB-2 NIW employment-based green cards, family-based green cards, citizenship and naturalization as well as contract review, drafting and negotiation for creatives. I am licensed to practice law in Texas. Prior to practicing law, I worked as a producer and film consultant for over fifteen years. I was previously in charge of the film grant program at the Conference on Jewish Material Claims Against Germany where I oversaw the funding of award-winning Holocaust films. I am fluent in English and Turkish.

ContractsCounsel verified
Attorney at Law
23 years practicing
Free Consultation

I am a startup veteran with a demonstrated history of execution with companies from formation through growth stage and acquisition. A collaborative and data-driven manager, I love to build and lead successful teams, and enjoy working full-stack across all aspects of the business.

ContractsCounsel verified
31 years practicing
Free Consultation

I am a partner in Flatiron Law Group's Emerging Companies and Venture Capital practice based in Silicon Valley. I bring over thirty years’ experience working in private practice and as outside general counsel, advising innovative companies in the software and hardware, wireless/ IoT, and ecommerce spaces through their lifecycle—from formation and launch, through key milestones to exit. I have experience supporting clients across a broad range of transactions, and focus on the intersection of law, business technology and data, providing product counseling and strategic advice to multidisciplinary founder teams.

ContractsCounsel verified
17 years practicing
Free Consultation

Fractional General Counsel for emerging and middle-market companies and entrepreneurs. We are a boutique firm committed to personalized, thoughtful, and cost effective legal, business, strategy and risk advisory solutions...all for a fixed monthly or project specific fee. We are more than legal expertise. We help make you and your business better and more profitable.

ContractsCounsel verified
Senior Managing Attorney
12 years practicing
Free Consultation

As an entrepreneur at heart, I enjoy working with business owners and executives on a variety of corporate matters, including mergers and acquisitions, corporate financing, corporate governance, public and private securities offerings, privacy regulation and early-stage corporate matters including formation. As a lawyer and business professional, I understand the value of providing personal service and focused legal answers to clients navigating a rapidly changing regulatory environment. Whether in Aerospace, Consumer Goods, or Technology, I find great success in work collaboratively with clients to strategical structure their business or implementing strategic growth-oriented financing opportunities.

ContractsCounsel verified
24 years practicing
Free Consultation

Experienced legal counsel to entrepreneurs, small businesses, and investors. Advising clients starting, buying, selling, operating, financing, and investing in businesses // U.S. Army Veteran // Dog Lover // Ironman Triathlete, Marathoner, Open Water Swimmer, USAT Triathlon Coach // Oenophile

ContractsCounsel verified
Shareholder Attorney
29 years practicing
Free Consultation

Experience as lawyer in large, small and solo firm settings and as in-house General Counsel for a manufacturing business. Expertise in commercial contracts between businesses, business sale and purchase contracts, employment contracts, intellectual property licensing and work-for-hire agreements. Additional expertise in trademark application and prosecution, copyright registration, appeals work in areas of intellectual property and employment law, business formation and governance documents, state and federal employment matters under the FSLA, construction agreements, Lien law, LLC Start-ups, Operating Agreements, partnerships, S-Corp set ups, Nonprofit Corporations, NDAs, executive and employee contracts, independent contractor agreements, severance, and restrictive covenants agreements, and employment/wrongful termination disputes, franchising law, real estate transactions for business and personal property, Asset Purchase Agreements, personal and commercial leases, drafting wills, estate planning documents, prenuptial and postnuptial agreements, marital property agreements, Promissory Note Agreements, Security Agreements, Personal Guarantees, and land contract sales and purchases; technology agreements, website policy agreements, privacy, copyright, and terms of use agreements, SaaS agreements, landlord/tenant law.

ContractsCounsel verified
17 years practicing
Free Consultation

I'm an employment lawyer. I counsel and represent employees in all professions, from hourly workers to doctors and all in between. I also counsel and represent employers in many aspects of employment law.

ContractsCounsel verified
14 years practicing
Free Consultation

Scott graduated from Cardozo Law School and also has an English degree from Penn. His practice focuses on business law and contracts, with an emphasis on commercial transactions and negotiations, document drafting and review, employment, business formation, e-commerce, technology, healthcare, privacy, data security and compliance. While he's worked with large, established companies, he particularly enjoys collaborating with startups. Prior to starting his own practice in 2011, Scott worked in-house for over 5 years with businesses large and small. He also handles real estate leases, website and app Terms of Service and privacy policies, and pre- and post-nup agreements.

ContractsCounsel verified
19 years practicing
Free Consultation

Oscar is a St. Petersburg native. He is a graduate of the University of Florida and Stetson University, College of Law. A former US Army Judge Advocate, Oscar has more than 20 years of experience in Estate Planning, Real Estate, Small Business, Probate, and Asset Protection law. A native of St. Petersburg, Florida, and a second-generation Gator, he received a B.A. from the University of Florida and a J.D. from Stetson University’s College of Law. Oscar began working in real estate sales in 1994 prior to attending law school. He continued in real estate, small business law, and Asset Protection as an associate attorney with the firm on Bush, Ross, Gardner, Warren, & Rudy in 2002 before leaving to open his own practice. Oscar also held the position of Sales & Marketing Director for Ballast Point Homes separately from his law practice. He is also a licensed real estate broker and owner of a boutique real estate brokerage. As a captain in the US Army JAG Corps, he served as a Judge Advocate in the 3rd Infantry Division and then as Chief of Client Services, Schweinfurt, Germany, and Chief of Criminal Justice for the 200th MP Command, Ft. Meade, Maryland. He is a certified VA attorney representative and an active member of VARep, an organization of real estate and legal professionals dedicated to representing and educating veterans. Oscar focuses his practice on real small business and asset protection law.

Find the best lawyer for your project

Browse Lawyers Now

Want to speak to someone?

Get in touch below and we will schedule a time to connect!

Request a call