UPDATED: On January 6th, 2021, France’s regulator CNIL (Commission Nationale de l’Informatique et des Libertés) has outreached our editorial team to report three more major GDPR violations: Google LLC fined €60 million, Google Ireland fined €40 million, and Amazon Europe Core fined €35 million. These violations weren’t included in GDPR Enforcement Tracker database on which our report is based. Therefore, we have updated our GDPR Fines 2020 Report revealing that EU countries amass €306.3 million in GDPR fines in 2020, France and Italy account for 64.14% of all GDPR fines for the period. The 2020 figures may change if additional violations are found or reported by the regulators in 2021 for the previous period.
Data acquired from the GDPR Fines 2020 Report by Finbold.com indicates that a total of €171.3 million fines have been issued against European countries in 2020 alone. The fines were issued between January 1st, 2020, and January 1st, 2021.
Our GDPR Fines 2020 Report reveals that Italy accounts for the highest fines at €58.16 million of the total fines from 34 violations. The United Kingdom ranks second with €43.9 million in fines from only three violations. The two countries cumulatively account for 59.5% of all the EU GDPR fines. Germany is third at €37.39 million from three major violations.
Sweden’s 15 violations attracted €14.27 million in fines, while Spain closes the top five categories with €8 million in fines arising from 128 incidents. In 2020, a total of 299 fines were registered in the EU.
Picks for you
| Rank | Country | Total fine per country in EUR | Number of fines |
| 1 | France (updated with France regulator CNIL’s reported fines) | €138,309,000 | 8 |
| 2 | Italy | €58,161,601 | 34 |
| 3 | United Kingdom | €43,901,000 | 3 |
| 4 | Germany | €37,398,708 | 3 |
| 5 | Sweden | €14,278,800 | 15 |
| 6 | Spain | €8,021,210 | 128 |
| 7 | Netherlands | €2,080,000 | 3 |
| 8 | Norway | €1,050,800 | 11 |
| 9 | Belgium | €793,000 | 13 |
| 10 | Ireland | €630,000 | 4 |
The biggest single fine in 2020
Germany’s H&M Hennes & Mauritz online Shop AB & Co. KG was fined €35.25 million for data protection violations on specific incidents. This is the biggest single fine on a specific data breach incident in 2020. Italy’s TIM, a telecommunication operator, received the second-highest fines at €27.8 million. British Airways is third after amassing fines of €22.04 million.
The fine comes after over two years since the General Data Protection Regulation (GDPR) was implemented in the EU and EEA back on May 25, 2018.
Finbold.com chief editor Oliver Scott commented:
“Despite campaigns to have organizations enact better measures to protect consumer data, the violations recorded across the EU remain significant with the law coming into place in 2018. It will be interesting to see if organizations will take up extra responsibility to prevent breaches in 2021. However, stakes remain high for companies to avoid risking regulatory action for breaches and protecting reputation alongside legal actions.”
