Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Craig Hale

GDPR violations have cost companies billions since being introduced

GDPR.

In the six years that the European Union’s General Data Protection Regulation (GDPR) has been in force, €4.5 billion ($4.9 billion) in fines have been paid due to violations.

Research by NordLayer has revealed individual data protection authorities have issued 2,072 violations, highlighting that the regulation is being taken seriously and companies failing to adhere to the new measures are being punished.

Since its inception in May 2018, GDPR has significantly influenced data protection and privacy practices, however for many consumers, it has also added another layer of complexity.

GDPR fines prove companies are being penalized

Spain, Italy and Germany top the list for GDPR violations. Spanish businesses were the most frequently penalized, with 842 fines totaling €80 million. Despite receiving less than half the number of fines than Spain, Italy paid out around three times as much in fines, suggesting a higher average magnitude across the board. German companies were fined 186 times, resulting in €55 million in penalties.

Carlos Salas, a NordLayer cybersecurity expert, noted: “We've witnessed businesses across industries change their data handling practices and invest in security measures to achieve compliance… [GDPR] has reshaped the digital landscape, forcing a much-needed prioritization of privacy rights.”

Meta, responsible for six of the top 10 fines, was the most penalized company. Between the parent company and its Facebook and WhatsApp subsidiaries, it paid out €2.5 billion in fines, accounting for more than half of all the financial penalties.

Its biggest, a €1.2 billion fine for insufficient legal basis for data processing in 2023, far exceeded the second-biggest fine – a €746 million penalty given to Amazon. Other companies in the top 10 included TikTok and Google, with only one firm falling outside of the Big Tech category – Italy’s Enel Energia.

Salas summarized: “Data protection regulations evolve, and cyber threats become more sophisticated, so businesses must remain proactive in their data privacy and security approach.”

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.