Nearly €6 Billion in GDPR Fines Since 2018

By: Trademagazin editor Date: 2025. 01. 30. 09:15

According to the latest DLA Piper report in 2024, EU data protection authorities imposed €1.2 billion in fines for the violation of GDPR rules, bringing it to a total of €5.88 billion since the regulation came into effect. Despite a 33 per cent decrease compared to 2023, when the Irish Data Protection Commission imposed a record fine of €1.2 billion on Meta, enforcement remains strong, particularly in the tech sector.

Nine of the ten largest fines in 2024 targeted tech and social media firms, including LinkedIn (€310 million) and Meta (€251 million) for GDPR violations. The financial and energy sectors also faced penalties, such as a €6.2 million fine on a Spanish bank for inadequate security measures and a €5 million fine on an Italian utility service provider for mismanaging customer data.

Hungary remains in the mid-range of GDPR enforcement, ranking 17th in total fines with €4.2 million since 2018. The National Authority for Data Protection and Freedom of Information (NAIH) sanctioned a recruitment firm for mishandling job seekers’ data and issued guidance on lawful voice recording practices.

AI-related data protection issues are gaining regulatory attention. The Netherlands imposed a €290 million fine on a ride-hailing app for transferring data to countries outside the EU and a €30.5 million penalty on Clearview AI for unlawful facial recognition practices. Authorities are also exploring executive liability for repeated GDPR violations.

Key challenges for 2025 include the controversial “consent or pay” model, which the European Data Protection Board (EDPB) deemed non-compliant in most cases. The EDPB also issued an ambiguous opinion on AI-related data protection, signaling ongoing uncertainty and stricter enforcement in the coming years.