Skip to content

UPDATED: EU countries amass €306.3 million in GDPR fines in 2020, France and Italy account for 64%

100 euro bill

UPDATED: On January 6th, 2021, France’s regulator CNIL (Commission Nationale de l’Informatique et des Libertés) has outreached our editorial team to report three more major GDPR violations: Google LLC fined €60 million, Google Ireland fined €40 million, and Amazon Europe Core fined €35 million. These violations weren’t included in GDPR Enforcement Tracker database on which our report is based. Therefore, we have updated our GDPR Fines 2020 Report revealing that EU countries amass €306.3 million in GDPR fines in 2020, France and Italy account for 64.14% of all GDPR fines for the period. The 2020 figures may change if additional violations are found or reported by the regulators in 2021 for the previous period.


Data acquired from the GDPR Fines 2020 Report by Finbold.com indicates that a total of €171.3 million fines have been issued against European countries in 2020 alone. The fines were issued between January 1st, 2020, and January 1st, 2021.

Our GDPR Fines 2020 Report reveals that Italy accounts for the highest fines at €58.16 million of the total fines from 34 violations. The United Kingdom ranks second with €43.9 million in fines from only three violations. The two countries cumulatively account for 59.5% of all the EU GDPR fines. Germany is third at €37.39 million from three major violations.

Sweden’s 15 violations attracted €14.27 million in fines, while Spain closes the top five categories with €8 million in fines arising from 128 incidents. In 2020, a total of 299 fines were registered in the EU.

Rank Country Total fine per country in EUR Number of fines
1 France (updated with France regulator CNIL’s reported fines) €138,309,000 8
2  Italy €58,161,601 34
3  United Kingdom €43,901,000 3
4  Germany €37,398,708 3
5  Sweden €14,278,800 15
6  Spain €8,021,210 128
7  Netherlands €2,080,000 3
8  Norway €1,050,800 11
9  Belgium €793,000 13
10  Ireland €630,000 4
EU countries ranked by total GDPR fine amount in 2020.

The biggest single fine in 2020

Germany’s H&M Hennes & Mauritz online Shop AB & Co. KG was fined €35.25 million for data protection violations on specific incidents. This is the biggest single fine on a specific data breach incident in 2020. Italy’s TIM, a telecommunication operator, received the second-highest fines at €27.8 million. British Airways is third after amassing fines of €22.04 million.

The fine comes after over two years since the General Data Protection Regulation (GDPR) was implemented in the EU and EEA back on May 25, 2018.

Finbold.com chief editor Oliver Scott commented:

“Despite campaigns to have organizations enact better measures to protect consumer data, the violations recorded across the EU remain significant with the law coming into place in 2018. It will be interesting to see if organizations will take up extra responsibility to prevent breaches in 2021. However, stakes remain high for companies to avoid risking regulatory action for breaches and protecting reputation alongside legal actions.”

Best Crypto Exchange for Intermediate Traders and Investors

  • Invest in 70+ cryptocurrencies and 3,000+ other assets including stocks and precious metals.

  • 0% commission on stocks - buy in bulk or just a fraction from as little as $10. Other fees apply. For more information, visit etoro.com/trading/fees.

  • Copy top-performing traders in real time, automatically.

  • eToro USA is registered with FINRA for securities trading.

30+ million Users
eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. eToro USA LLC does not offer CFDs, only real Crypto assets available. Don’t invest unless you’re prepared to lose all the money you invest.

Read Next:

Weekly Finance Digest

By subscribing you agree with Finbold T&C’s & Privacy Policy

Related posts