UK & Italy Lead the Way for 2020 GDPR Penalties

Finbold, the online financial news and analysis portal, has released a report detailing the level of fines sanctioned during 2020 for violations of the European Union’s General Data Protection Regulation. It reveals that some €171.3m in financial penalties have been sanctioned by the various data protection agencies in EU Member States during the time period from January 1 2020 to December 31 2020.

299 is the total number of 299 GDPR penalty fines have been issued during 2020 in the EU.

The highest number of fines was issued by the Italian data protection body, Garante, totaling €58.16m in GDPR fines.  These penalties resolve 34 different violations of the GDPR data protection legislation in the Italian jurisdiction. The United Kingdom occupies second place on the list, having issued €43.9m in financial penalties for breaches of the GDPR.  The €43.9m was for three separate violations, and could have been much higher, and indicates a greater willingness by ICO, the UK data protection body, to issue large-scale fines for breaches of the GDPR.

The three fines in the UK were as follows:

The GDPR penalties in the UK and Italian jurisdictions alone account for 59.5% of the total fines for breaches of the data protection legislation.

Other EU member states listed in the top ten include Germany in 10th position with €37.39m and three major GDPR violations, Sweden in 4th place for 15 breaches and €14.27m in GDPR fines, and Spain in 5th position with €8m in GDPR financial penalties due to 28 breaches of GDPR.

The top ten list is as follows:

  1. Italy – €58,161,601
  2. United Kingdom – €43,901,000
  3. Germany – €37,398,708
  4. Sweden – €14,278,800
  5. Spain – €8,021,210
  6. France – €3,309,000
  7. Netherlands – €2,080,000
  8. Norway – €1,050,800
  9. Belgium – €793,000
  10. Ireland – €630,000

Finbold chief editor, Oliver Scott, referring to the recently-published report, saying, “Despite campaigns to have organizations enact better measures to protect consumer data, the violations recorded across the EU remain significant with the law coming into place in 2018. It will be interesting to see if organisations will take up extra responsibility to prevent breaches in 2021. However, stakes remain high for companies to avoid risking regulatory action for breaches and protecting reputation alongside legal actions.”


Author: GDPR News