GDPR fines recently imposed by enforcement bodies, including fines issued under other privacy laws:
- 10/Feb/2020: United Kingdom, GBP 500,000 for Cathay Pacific Airways Limited (Information Commissioner's Office)
- 07/Jan/2020: Spain, EUR 10,000 for Asociacion de Medicos Democratas (Spanish Data Protection Agency)
- 02/Jan/2020: Singapore, SGD 15,000 for Creative Technology Ltd (Personal Data Protection Commission Singapore)
- 30/Dec/2019: Brazil, BRL 6,600,000 for Facebook Inc, Facebook Serviços Online do Brasil Ltda (Brazilian Ministry of Justice)
- 30/Dec/2019: United States, USD 65,000 for West Georgia Ambulance Inc (U.S. Department of Health and Human Services)
- 26/Dec/2019: Singapore, SGD 6,000 for National Healthcare Group Pte Ltd (Personal Data Protection Commission Singapore)
- 20/Dec/2019: United Kingdom, GBP 275,000 for Doorstep Dispensaree Ltd (Information Commissioner's Office)
Latest GDPR fines
Our most recently recorded GDPR fines, excluding fines issued under local legislation or outside the EU:
Alternatively, see all GDPR fines to date.
Privacy fines under other legislation
We collate fines imposed under HIPAA, DPA1998, COPPA98 and cases where a general local law is applied, or where the law supporting the fine is not specified by the regulator.
Largest fines, all jurisdictions
Our 10 largest fines, as recorded, for all jurisdictions and ordered by greatest value in US dollars:
- 08/Jul/2019: United Kingdom, GBP 183,390,000 for British Airways plc (Information Commissioner's Office)
- 09/Jul/2019: United Kingdom, GBP 99,200,396 for Marriott International Inc. (Information Commissioner's Office)
- 05/Nov/2019: Germany, EUR 14,500,000 for Deutsche Wohnen SE (Berlin Commissioner for Data Protection)
Help by sending us information on any fines not in our index. We are able to include an individual acknowledgement for you, on our fines entry page.