List of notable fines issued under the General Data Protection Regulation


The General Data Protection Regulation (GDPR) is a European Union regulation that specifies standards for data protection and electronic privacy in the European Economic Area, and the rights of European citizens to control the processing and distribution of personally identifiable information.

Violators of GDPR may be fined up to €20 million, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.[1] The following is a list of notable fines issued under the GDPR, including reasoning.

| Date | Company | Amount | Fined By | Main Reason(s) | Source(s) |
|---|---|---|---|---|---|
| 2019-01-21 | Google LLC | €50 million | France (CNIL) | "...lack of transparency, inadequate information and lack of valid consent regarding the ads personalization." | [2] |
| 2018-10 | Hospital do Barreiro | €400,000 | Portugal (CNPD) | "...based on access policies to databases, which allowed technicians and physicians to consult patients’ clinical files, without proper authorization." | [3] |
| 2018-11-21 | (German social network) | €20,000 | Germany (Baden-Württemberg) | "...unauthorized access to and disclosure of personal data of around 330,000 users, including passwords and email addresses." | [4] |


  1. "L_2016119EN.01000101.xml". Archived from the original on 10 November 2017. Retrieved 28 August 2016.
  2. "The CNIL's restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC | CNIL". Retrieved 24 January 2019.
  3. "Cuatrecasas". Retrieved 24 January 2019.
  4. "HL Chronicle of Data Protection | Privacy Attorneys & Data Security Lawyers | Hogan Lovells". HL Chronicle of Data Protection. Retrieved 24 January 2019.