Fines and penalties
What do you risk if you fail to comply with the GDPR?
Fines can reach up to 20 million euros or, in the case of a company, up to 4% of worldwide annual sales. These penalties may be made public.
The most expensive fine so far: Meta's 1.2 billion euro GDPR fine
Imposed by the Irish Data Protection Commission (DPC) in May 2022, it is the biggest fine so far under the GDPR.
This record-breaking fine was issued for the transfer of personal data of European users to the US without adequate data protection mechanisms and serves as a significant milestone in data protection regulation.
This fine serves as a clear warning to other companies that the GDPR’s requirements must be taken seriously, and non-compliance can result in severe financial consequences.
Who ensures compliance with the GDPR?
GDPR compliance is guaranteed by 3 complementary players:
- The Data Protection Commissions of the EU member states: support professionals in their compliance and help individuals control their data and exercise their rights.
- The CEPD (European Data Protection Committee): coordinates the action of the EU's CNILs.
- The CJEU (Court of Justice of the European Union): enforces legislation and sanctions non-compliant entities.