top of page

What were the highest GDPR fines from December 2021 to February 2022?

The General Data Protection Regulation (GDPR) of the European Union was enforced in 2018 and is currently the reference when it comes to Data Privacy and Security.

The goal of this law is to impose security and privacy obligations on organisations, which collects data of European citizens. Failure to comply with the regulation could be sanctioned with fines going up to 20M Euro or 4% of global turnover.

Since enforcement of the regulation, hundreds of organizations were fined for various breaches of law. In February 2022, a new milestone was reached as the European Comission fined the 1000th organization, which rises the total cumulated fines to a staggering amount of €1,575,668,851 (1.5 Billion).

In October 2021, we published an article on the 7 biggest GDPR fines. Since then, there were other astonishing fines. Here below are some statistics for the 3 last months.

As you probably noticed, the number of fines as well as the cumulated amount of fines during the month of December 2021 were huge.

Among the 56 fines, there were 5 which cumulated an amount of 242,800,000 Euros! 3 of the 5 biggest fines were from France, one from Italy and one from Norway. 4 of the 5 fines were received by online service providers and one by an energy service provider.

Of the 5 fines, the smallest amount of fine was 6,300,000 Euros and the biggest was 90,000,000 Euros. Two organisations received the fine of 60,000,000 Euro and the last one 26,500,000 Euros. All of the 5 biggest fines were due to Insufficient legal basis for data processing.

Regarding 2022 statistics, it is worth noting that the first fine of the year came from Greece, for an amount of 1,000 Euros due to insufficient fulfilment of data subjects’ rights.

Overall, the total number of fines reached 1,003 at the end of February 2022 and a cumulated amount of 1,575,668,851 Euros in fines. The biggest fine of all time is still 746,000,000 Euros from Luxembourg due to Non-compliance with general data processing principles. If you want to see more statistics, you can check our source

Important note and Reminder: GDPR applicability can be extraterritorial as well.

If you hold personal information of European citizens and would like to make an assessment of your Data Protection policies and process, please contact us. We can help you secure your information management system as well as complying with the various data protection law applicable.


bottom of page