GDPR came into force in May 2018 following years of EU wrangling. Now that it’s law, governments have the ability to hand out massive fines – up to €20 million or 4% of annual global turnover, whichever is higher – to anyone who breaches General Data Protection Regulations.

Here are the biggest fines doled out by regulators so far:

Amazon: £646 million

Amazon might be an enormous company, but even it isn’t large enough to absorb a £646 million GDPR fine. The e-commerce giant received the penalty after EU bureaucrats in Luxembourg decided that it wasn’t handling customer information correctly. Amazon disagreed with the decision and launched an appeal.


WhatsApp: £194 million

Coming in a distant second place is Meta-owned messaging service, Whatsapp. In January 2019, the Irish Data Protection Commissioner concluded that the app had failed to fully communicate to users about how it uses their data. The commission specifically disagreed with the way that WhatsApp shared data with Facebook.


Google: £43 million

Google seems to be regularly in trouble with European authorities and, as you might expect, it’s fallen foul of GDPR laws. French regulators took issue with the way that the search giants were collecting user data and using it for advertising. The company, authorities said, wasn’t being transparent enough.


H&M: £31 million

Swedish retailer H&M got into trouble in Germany for its improper monitoring of employees. The company’s mandatory recorded back-to-work meetings were a breach of GDPR.


TIM: £24.4 million

TIM, an Italian telecoms company, got into trouble when regulators found it had made regular nuisance calls to customers and misused their data. One customer received more than 155 individual calls from the firm. The result: a hefty GDPR fine.


Typically, the biggest fines stem from marketing activities – with misdirected emails being the main culprit – but you should also comply with requests from EU citizens to remove their data. Do you have a process in place to remove personal data when requested? With big fines being actively handed out, it might be time you make sure your business is staying in line with GDPR regulations. Check out how Tip Top Media can help you with GDPR compliance

Here are some other posts you may be interested in reading:

Countdown to GDPR
Is Information Security relevant for my business?
Information Security: the human factor