GDPR fines recently imposed by enforcement bodies, including fines issued under other privacy laws:

• 10/Mar/2020: Sweden, SEK 75,000,000 for Google LLC (Swedish Data Protection Authority)

• 10/Feb/2020: United Kingdom, GBP 500,000 for Cathay Pacific Airways Limited (Information Commissioner's Office)

• 15/Jan/2020: Italy, EUR 27,802,946 for TIM SpA (Italian Data Protection Authority)

• 14/Jan/2020: Spain, EUR 75,000 for EDP ENERGIA, S.A.U. (Spanish Data Protection Agency)

• 13/Jan/2020: Greece, EUR 15,000 for Allseas Marine S.A. (Hellenic Data Protection Authority)

• 09/Jan/2020: United Kingdom, GBP 500,000 for DSG Retail Limited (Information Commissioner's Office)

• 07/Jan/2020: Spain, EUR 10,000 for Asociacion de Medicos Democratas (Spanish Data Protection Agency)

• 07/Jan/2020: Spain, EUR 75,000 for EDP Comercializadora S.A. (Spanish Data Protection Agency)

• 07/Jan/2020: United States, USD 120,000 for Mortgage Solutions FCS, Inc (Federal Trade Commission)

• 07/Jan/2020: Spain, EUR 44,000 for Vodafone Espana S.A.U. (Spanish Data Protection Agency)

• 02/Jan/2020: Singapore, SGD 15,000 for Creative Technology Ltd (Personal Data Protection Commission Singapore)

• 30/Dec/2019: Brazil, BRL 6,600,000 for Facebook Inc, Facebook Serviços Online do Brasil Ltda (Brazilian Ministry of Justice)

• 30/Dec/2019: United States, USD 65,000 for West Georgia Ambulance Inc (U.S. Department of Health and Human Services)

• 26/Dec/2019: Singapore, SGD 6,000 for National Healthcare Group Pte Ltd (Personal Data Protection Commission Singapore)

• 20/Dec/2019: United Kingdom, GBP 275,000 for Doorstep Dispensaree Ltd (Information Commissioner's Office)

***

Latest GDPR fines

Our most recently recorded GDPR fines, excluding fines issued under local legislation or outside the EU:

Alternatively, see all GDPR fines to date.

***

Privacy fines under other legislation

We collate fines imposed under HIPAA, DPA1998, COPPA98 and cases where a general local law is applied, or where the law supporting the fine is not specified by the regulator.

***

Largest fines, all jurisdictions

Our 10 largest fines, as recorded, for all jurisdictions and ordered by greatest value in US dollars:

• 24/Jul/2019: United States, USD 5,000,000,000 for Facebook Inc (Federal Trade Commission)

• 08/Jul/2019: United Kingdom, GBP 183,390,000 for British Airways plc (Information Commissioner's Office)

• 04/Sep/2019: United States, USD 170,000,000 for Google LLC, YouTube LLC (Federal Trade Commission)

• 09/Jul/2019: United Kingdom, GBP 99,200,396 for Marriott International Inc. (Information Commissioner's Office)

• 21/Jan/2019: France, EUR 50,000,000 for Google Inc (French Data Protection Authority)

• 25/Mar/2014: United States, USD 32,500,000 for Apple Inc (Federal Trade Commission)

• 15/Jan/2020: Italy, EUR 27,802,946 for TIM SpA (Italian Data Protection Authority)

• 09/Aug/2012: United States, USD 22,250,000 for Google Inc (Federal Trade Commission)

• 23/Oct/2019: Austria, EUR 18,000,000 for Austrian Post (Austrian Data Protection Authority)

• 05/Nov/2019: Germany, EUR 14,500,000 for Deutsche Wohnen SE (Berlin Commissioner for Data Protection)

***

Help us

Help by sending us information on any fines not in our index. We are able to include an individual acknowledgement for you, on our fines entry page.

***