GDPR violations have cost companies billions since being introduced

(Image credit: Shutterstock / Vector Image Plus)

In the six years that the European Union’s General Data Protection Regulation (GDPR) has been in force, €4.5 billion ($4.9 billion) in fines have been paid due to violations.

Research by NordLayer has revealed individual data protection authorities have issued 2,072 violations, highlighting that the regulation is being taken seriously and companies failing to adhere to the new measures are being punished.

Since its inception in May 2018, GDPR has significantly influenced data protection and privacy practices, however for many consumers, it has also added another layer of complexity.

GDPR fines prove companies are being penalized

Spain, Italy and Germany top the list for GDPR violations. Spanish businesses were the most frequently penalized, with 842 fines totaling €80 million. Despite receiving less than half the number of fines than Spain, Italy paid out around three times as much in fines, suggesting a higher average magnitude across the board. German companies were fined 186 times, resulting in €55 million in penalties.

Carlos Salas, a NordLayer cybersecurity expert, noted: “We've witnessed businesses across industries change their data handling practices and invest in security measures to achieve compliance… [GDPR] has reshaped the digital landscape, forcing a much-needed prioritization of privacy rights.”

Meta, responsible for six of the top 10 fines, was the most penalized company. Between the parent company and its Facebook and WhatsApp subsidiaries, it paid out €2.5 billion in fines, accounting for more than half of all the financial penalties.

Its biggest, a €1.2 billion fine for insufficient legal basis for data processing in 2023, far exceeded the second-biggest fine – a €746 million penalty given to Amazon. Other companies in the top 10 included TikTok and Google, with only one firm falling outside of the Big Tech category – Italy’s Enel Energia.

Salas summarized: “Data protection regulations evolve, and cyber threats become more sophisticated, so businesses must remain proactive in their data privacy and security approach.”

More from TechRadar Pro

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!