Businesses had to pay €1.5 billion in GDPR fines in H1 2023

Businesses had to pay over €1.5 billion in GDPR fines through the first half of 2023, according to the data analyzed by the Atlas VPN team. On May 25th, GDPR celebrated its 5th anniversary. Throughout this time, businesses received 1679 fines combining to a sum of nearly €4 billion.

Facts and figures

January and May were particularly noteworthy, with nearly €400 million and €1.2 billion in fines, respectively. “Interestingly, both months saw fines issued against Meta Platforms which control Facebook, Instagram, WhatsApp, and other apps”, they say from Atlas VPN.

Although March only saw €1.5 million in fines, it was the month when businesses received the most penalties for data violations, with a total of 46 penalties issued.

February was the month with the least amount of fines issued in H1 2023, with only 34 fines accounting for €2.6 million in penalties. Overall, businesses received 237 fines throughout the first half of 2023. 

“The GDPR fines – says Vilius Kardelis, Cybersecurity writer at Atlas VPN – are significantly impacting how businesses operate and handle data. Companies must prioritize data privacy and security to avoid potential fines and reputational damage. As we move forward, companies must continue investing in their data protection strategies and staying informed about any updates or changes to the GDPR”.

Countries where businesses had most GDPR violations and fines

“As we delve into the topic of countries with the most GDPR violations – they add from Atlas VPN – it’s important to note that no country is immune to data privacy issues. However, some countries have had more violations than others.

Since the start of GDPR, Spain has accumulated 689 fines resulting in over €60 million in penalties. While the average of each fine is about €88K, Spanish businesses received more than 2 times the amount of fines than any other country.

Italy‘s data protection authorities have issued 284 fines, totaling €133 million in penalties. The average fine here is about €468K. Germany has received the third-highest number of violations, totaling 160. These fines have resulted in penalties of €55 million.Romania is the last country whose authorities have issued over 100 fines in the 5 years of GDPR’s existence. In addition, Romania has a very low average penalty of only €5390. Greece stands out from the rest of the countries with a high average per fine of €525K”, they end.