Biggest GDPR Fines

Clients Rate Lawyers on our Platform 4.9/5 Stars
based on 2,638 reviews

Jump to Section

Need help with GDPR Compliance?

Post Project Now

Post Your Project (It's Free)

Get Bids to Compare

 Hire Your Lawyer

GDPR fines have been a hot topic since the law’s European inception. To avoid incurring penalties, data controllers and processors should have the proper protocols and contracts in place, including data transfer agreements , data processing agreements , and data protection agreements .

In this article, we help you understand penalties surrounding GDPR violations, offer real-world examples, and show you how to calculate GDPR fines.

What is the Penalty for a GDPR Violation?

The penalties for a General Data Protection Regulation (GDPR) violation can result in up to twenty million euros or four percent of the company’s global annual revenue from the previous year, whichever number is higher. EU legislators impose fines for penalties to enforce data protection compliance.

You can learn more about the GDPR through this web page .

GDPR Fine Examples

It is hard to imagine the magnitude of how massive GDPR fines can grow. Since penalties are variable according to the number of records exposed and the severity of the breach, they can easily reach the multi-million dollar range. In the last few years, there have been several high-profile GDPR breach cases with alarmingly high fines.

Here is an explanation of nine GDPR fine examples below:

Example 1. Amazon: $877 Million

Amazon received a massive GDPR fine. The violation relates to the companies cookie policy and consent procedures. This GDPR fine is not the first received by Amazon as they faced a $40,000 fine at the tail-end of 2020.

Example 2. Google: $56.6 Million

In 2019, Google received its fine in March 2020 and was the largest on record until the Amazon violation. They were fined for how Google communicated privacy policies to users. In this case, Google should have offered end-users more information in their privacy policy and user agreement .

Example 3. H & M: $41 million

German authorities fined H & M around $41 million for employee data violations. H & M did not take proper precautions to protect employee days off and unnecessarily shared videos of meetings with 50 other H & M managers. These meetings were used to make decisions about the employee’s performance without their knowledge or consent.

Example 4. British Airways: $26 million

British Airways received a GDPR fine related to a 2018 incident. Their fine was the result of a breached computer system that affected over 400,000 customers. Customer information, payment details, and log-in information were exposed at the time of the breach.

Example 5. Marriott: $23.8 million

After a database breach, Marriott hotels exposed 383 million guest records, and hackers obtained all collected customer information. The company could have avoided the fine if they had paid due diligence after acquiring Starwood Hotels.

Example 6. Google: $8.3 million

Google received another fine in 2020 for a GDPR violation. Sweden fined Google for failing to remove search result listings under the right to be forgotten principle. The search provider should have honored this right by ensuring that a process was available to respond to erasure requests without unnecessary delay.

Example 7. Fastweb: $5.5 million

This Italian telecommunications company received a massive fine in 2021 after engaging in telemarketing without obtaining consumer consent. The company was using fake or false telephone numbers that were not registered with communication operators, and Fastweb should have obtained consumer consent beforehand since this standard is very high.

Example 8. Bulgaria’s National Revenue Agency: $3 million

Bulgaria’s National Revenue Agency received a fine after a data breach affected five million people. The information leaked included names, contact details, and tax information. The agency failed to take proactive and effective technological measures to protect the data in its control.

All GDPR penalties are paid to the Information Commissioner’s Office (ICO) and into a government fund owned by the treasury. GDPR fines are utilized to fund public resources and services, and most European nations use the structure.

This article also contains examples of GDPR fines.

Meet some lawyers on our platform

Bryan B.

67 projects on CC
View Profile

Christopher M.

7 projects on CC
View Profile

Tabetha H.

10 projects on CC
View Profile

Sunnita B.

15 projects on CC
View Profile

How are GDPR Fines Calculated?

GDPR fines are calculated in generally the same manner as described in this article. However, several factors influence the total fine amount, including company size, size class, subcategory, average annual turnover, and the facts and circumstances of the violation. You should always work with a legal professional to help you determine if the GDPR fine you are receiving is fair and how to protect unfair or incorrect amounts.

Here are five steps for calculating GDPR fines:

Step 1. Categorize Your Company’s Size

Start by categorizing your company’s size. You can find your GDPR size class and subcategories through the GDPR website for more information.

Step 2. Account for Your Average Annual Turnover

After locating your company’s subgroup, determine the average annual turnover to which your company belongs. If your annual turnover exceeds 500 million euros, the maximum fine of two or four percent should be applied to your situation.

Step 3. Divide Your Average Annual Turnover by 360

In this next step, you will divide your average annual turnover by 360. This calculation determines the fine’s basic economic value.

Step 4. Classify the Basic Value Factor

Take the number from step three and classify the basic value factor. This number is defined as the severity of your offense. Determination of your basic value factor is based on concrete facts and circumstances and listed as light, medium, severe, or very severe.

Step 5. Adjust the Calculation

Finally, you will want to take your calculated amount and adjust it for the circumstances both in favor of and against the tortfeasor. Typically, these circumstances surround offense-related details, such as proceeding length and company insolvency. Depending upon the facts and circumstances, there could be reductions or increases that apply to your final number.

For greater clarity on calculating a GDPR fine, you can use the following formula to help:

Average annual turnover x Basic value factor = Amount of fine

It is not always easy to calculate a GDPR violation without professional help. Here is a web page that discusses penalties for GDPR violations.

Maximum Fine for Breach of GDPR

The maximum fine for a breach of the GDPR is 20 million euros or four percent of the preceding year’s revenues. A company will receive a penalty that is the greater of the two numbers. However, not every violation results in a data protection fine.

There is a wide range of other actions that they can take against offending companies, including:

  • Issuing reprimands and warnings
  • Temporarily or permanently banning data processing rights
  • Ordering the restriction or erasure of personally identifiable information (PII)
  • Rescinding data transfer rights to other countries

There are a host of penalties that the GDPR can impose. Check out this article for examples of GDPR breach costs.

Can an Individual be Fined for GDPR Breach?

Yes, an individual can be fined for a GDPR breach if they engage in a legitimate business. Otherwise, the violation falls under criminal activity and subsequent legal charges. If you have questions about whether you could be fined for a GDPR breach, speak with GDPR compliance lawyers to apply the law to your situation.

GDPR compliance is essential when soliciting Europeans and collecting their information. Otherwise, severe fines and penalties are on the line, not to mention the damage to your brand and intellectual property. Privacy lawyers in your state will help you understand the rules provided in the GDPR and how to structure your agreements so that they meet the requirements.

How ContractsCounsel Works
Hiring a lawyer on ContractsCounsel is easy, transparent and affordable.
1. Post a Free Project
Complete our 4-step process to provide info on what you need done.
2. Get Bids to Review
Receive flat-fee bids from lawyers in our marketplace to compare.
3. Start Your Project
Securely pay to start working with the lawyer you select.

Meet some of our Lawyers

View Jose
Member Since:
February 13, 2021

Jose P.

Partner
Free Consultation
Get Free Proposal
San Antonio, Dallas
22 Yrs Experience
Licensed in TX
University of Pennsylvania

I am a corporate lawyer with expertise working with small businesses, venture capital and healthcare. Previously, I worked at large law firms, as well as head attorney for companies. I graduated from Harvard College and University of Pennsylvania Law School. I speak 5 languages (Spanish, French, Italian and Russian, plus English), visited over 60 countries, and used to compete in salsa dancing!

View Briana
Member Since:
February 15, 2021

Briana C.

Founder, Branch Legal LLC
Free Consultation
Get Free Proposal
Boston
10 Yrs Experience
Licensed in CA, MA, NY
Columbia University School of Law

Legal services cost too much, and are often of low quality. I have devoted my law practice to providing the best work at the most affordable price—in everything from defending small businesses against patent trolls to advising multinational corporations on regulatory compliance to steering couples through a divorce.

View Meghan
Member Since:
February 15, 2021

Meghan P.

Attorney
Free Consultation
Get Free Proposal
Denver
4 Yrs Experience
Licensed in CA
University of Dayton

I am a licensed attorney and a member of the California Bar. I graduated from the University of Dayton School of Law's Program in Law and Technology. I love IP, tech transfers, licensing, and how the internet and developing technology is changing the legal landscape. I've interned at both corporations and boutique firms, and I've taken extensive specialized classes in intellectual property and technology law.

View Jo Ann
Member Since:
February 22, 2021

Jo Ann J.

Partner
Free Consultation
Get Free Proposal
Boston, MA
26 Yrs Experience
Licensed in MA
Suffolk Universtiy Law School

Jo Ann has been practicing for over 20 years, working primarily with high growth companies from inception through exit and all points in between. She is skilled in Mergers & Acquisitions, Contractual Agreements (including founders agreements, voting agreements, licensing agreements, terms of service, privacy policies, stockholder agreements, operating agreements, equity incentive plans, employment agreements, vendor agreements and other commercial agreements), Corporate Governance and Due Diligence.

View Charlotte
Member Since:
February 25, 2021

Charlotte L.

Self-Employed Legal Consultant
Free Consultation
Get Free Proposal
Arlington, VA
8 Yrs Experience
Licensed in DC, VA
University of Virginia School of Law

I hold a B.S. in Accounting and a B.A. in Philosophy from Virginia Tech (2009). I received my J.D. from the University of Virginia School of Law in 2012. I am an associate member of the Virginia Bar and an active member of the DC bar. Currently, I am working as a self-employed legal consultant and attorney. Primarily my clients are start-up companies for which I perform various types of legal work, including negotiating and drafting settlement, preparing operating agreements and partnership agreements, assisting in moving companies to incorporate in new states and setting up companies to become registered in a state, assisting with employment matters, drafting non-disclosure agreements, assisting with private placement offerings, and researching issues on intellectual property, local regulations, privacy laws, corporate governance, and many other facets of the law, as the need arises. I have previously practiced as an attorney at a small DC securities law firm and worked at Deloitte Financial Advisory Services LLC. My work experience is dynamic and includes many short-term and long term experience that span across areas such as maintaining my own blog, freelance writing, and dog walking. My diverse background has provided me with a stong skill set that can be easily adapted for new areas of work and indicates my ability to quickly learn for a wide array of clients.

View Don
Member Since:
March 1, 2021

Don G.

Attorney at law
Free Consultation
Get Free Proposal
Lafayette, LA
21 Yrs Experience
Licensed in TX
Texas Tech School of Law

Texas licensed attorney specializing for 20 years in Business and Contract law. My services include General Business Law Advisement; Contract Review and Drafting; Legal Research and Writing, including Motion Practice; Business Formation; Article or Instructive Writing; and more. For more insight into my skills and experience, please feel free to visit my LinkedIn profile or contact me with any questions.

View Jeremiah
Member Since:
March 5, 2021

Jeremiah C.

Partner/Attorney at Law
Free Consultation
Get Free Proposal
Houston, TX
14 Yrs Experience
Licensed in NV, TX
Thomas Jefferson

Creative, results driven business & technology executive with 24 years of experience (13+ as a business/corporate lawyer). A problem solver with a passion for business, technology, and law. I bring a thorough understanding of the intersection of the law and business needs to any endeavor, having founded multiple startups myself with successful exits. I provide professional business and legal consulting. Throughout my career I've represented a number large corporations (including some of the top Fortune 500 companies) but the vast majority of my clients these days are startups and small businesses. Having represented hundreds of successful crowdfunded startups, I'm one of the most well known attorneys for startups seeking CF funds. My engagements often include legal consultation & advisory roles, drafting of NDAs, TOS & Privacy Policies, contracts and corporate law, business strategy advice & consulting, in-house counsel, Founder & entrepreneur guidance and other roles as needed by my clients. I hold a Juris Doctor degree with a focus on Business/Corporate Law, a Master of Business Administration degree in Entrepreneurship, A Master of Education degree and dual Bachelor of Science degrees. I look forward to working with any parties that have a need for my skill sets.

View Adam
Member Since:
March 5, 2021

Adam B.

Managing Partner
Free Consultation
Get Free Proposal
San Mateo, California
24 Yrs Experience
Licensed in CA
McGeorge School of Law

Seasoned technology lawyer with 22+ years of experience working with the hottest start-ups through IPO and Fortune 50. My focus is primarily technology transactions with an emphasis on SaaS and Privacy, but I also provide GC services for more active clients.

View Benjamin
Member Since:
March 11, 2021

Benjamin W.

Founder
Free Consultation
Get Free Proposal
Los Angeles, CA
7 Yrs Experience
Licensed in CA
UCLA School of Law

I am a California-barred attorney specializing in business contracting needs. My areas of expertise include contract law, corporate formation, employment law, including independent contractor compliance, regulatory compliance and licensing, and general corporate law. I truly enjoy getting to know my clients, whether they are big businesses, small start-ups looking to launch, or individuals needing legal guidance. Some of my recent projects include: -drafting business purchase and sale agreements -drafting independent contractor agreements -creating influencer agreements -creating compliance policies and procedures for businesses in highly regulated industries -drafting service contracts -advising on CA legality of hiring gig workers including effects of Prop 22 and AB5 -forming LLCs -drafting terms of service and privacy policies -reviewing employment contracts I received my JD from UCLA School of Law and have been practicing for over five years in this area. I’m an avid reader and writer and believe those skills have served me well in my practice. I also complete continuing education courses regularly to ensure I am up-to-date on best practices for my clients. I pride myself on providing useful and accurate legal advice without complex and confusing jargon. I look forward to learning about your specific needs and helping you to accomplish your goals. Please reach out to learn more about my process and see if we are a good fit!

View Ema
Member Since:
March 12, 2021

Ema T.

Contract and IP Attorney
Free Consultation
Get Free Proposal
New York, NY
4 Yrs Experience
Licensed in NY
Chicago Kent

I am a NY licensed attorney experienced in business contracts, agreements, waivers and more, corporate law, and trademark registration. My office is a sole member Law firm therefore, I Take pride in giving every client my direct attention and focus. I focus on getting the job done fast while maintaining high standards.

View David
Member Since:
April 1, 2021

David B.

Attorney
Free Consultation
Get Free Proposal
Trussville, Alabama
26 Yrs Experience
Licensed in AL
Birmingham School of Law

A twenty-five year attorney and certified mediator native to the Birmingham, Alabama area.

Find the best lawyer for your project

Browse Lawyers Now

Want to speak to someone?

Get in touch below and we will schedule a time to connect!

Request a call