top of page

Is GDPR still being enforced?

Since the beginning of 2022 and up to July 2022, the GDPR commission has issued 248 fines. The total amount of fines reached a staggering figure of €121,363,005 as at 31 July 2022, which represents an average of €489,366.96 per fine.

However, there is a company that was sanctioned for €49M in total, which represents 40% of the total fines since the beginning of the year. Actually, the company was fined in three different countries in the space of 6 months, €20M in Greece during July 2022, €20M in Italy during February 2022 and €9M in UK during May 2022. The three sanctions were all based on Non-compliance with general data processing principle.

Compared to 2021, the total amount of fines of 2022 is relatively low. Indeed in 2021, there was a stunning €746,000,000 fine received by a well known ecommerce. Here below are some interesting statistics:

The table below is a summary of the fines issued since the beginning of 2022 and up to July 2022

248 fines were issued, for a total amount of €121,363,005 as at 31 July 2022.

As we can see on the table below, biggest total amount of fines were issued in Luxembourg. However, among the 23 finesissued, one fine account for €746,000,000 which represents 99.96% of the total amount. Otherwise, the 22 remaining fines accounted for an average of €12,436.36 per fine.

Spain counts 463 fines since the enforcement of GDPR in 2018 which is the largest number of fines and Isle of Man counts 2 fines, which is the least number of fines. There are some countries which have not yet issued any fines.

As we can see in the table below (since enforcement of GDPR in 2018), 420 fines were issued because of insufficient legal basis for data processing.

Aside of compliance reasons, it is important to note that 238 fines were issued due to Insufficient technical and organisational measures to ensure information security. This highlights the importance of having a strong information security system in place.

The table below is a summary of the various sector most sanctioned by the GDPR. As we can notice, Industry and Commerce are the sectors that were most fined.

However, every and any sector is concerned, as long as they process data of EU citizen, they have to abide by the law.

As we can notice, all sectors are concerned by the GDPR. It is essential for organisations to comply with the regulation and we can help you on this mission. If you would like to have an assessment of the level of compliance of your data protection, please do not hesitate to contact us. You can also register for our data protection training.


bottom of page