Which country has imposed the biggest GDPR fine so far?
Asked by: Gianni Dach | Last update: April 27, 2026 | Score: 4.8/5 (14 votes)
Ireland has imposed the biggest GDPR fine, a record €1.2 billion (approx. $1.3 billion) penalty issued by its Data Protection Commission (DPC) against Meta (Facebook's parent company) in May 2023, for unlawful data transfers to the United States, making it the largest single fine to date.
What is the largest GDPR fine?
Meta GDPR fine: €1.2 billion. In May 2023, in a groundbreaking decision in the past five years of GDPR enforcement, the Irish Data Protection Commission (DPC) imposed a historic fine of €1.2 billion on US tech giant Meta.
What is the largest data breach fine in history?
As of January 2025, the most significant data privacy violation fine worldwide was for social media giant Meta. In May 2023, the Data Protection Commission (DPC) of Ireland decided to fine the company 1.2 billion euros, or 1.3 billion U.S. dollars. The Chinese vehicle-for-rent company Didi Global ranked second.
What is the total amount of fines that have been imposed in Europe since the GDPR was launched in May 2018?
Since the General Data Protection Regulation (GDPR) came into force in May 2018, a total of around EUR 5.65 billion in fines have been imposed as of March 2025 – an increase of EUR 1.17 billion compared to the previous year.
Which country has the most strict privacy laws?
The country with the strictest data privacy laws related to the internet is Iceland. Many people have referred to Iceland as the Switzerland of data. It has incredibly strict privacy laws, and these laws were passed in 2000.
Which countries do not follow GDPR?
List of Non-GDPR European Countries
- Albania.
- Belarus.
- Bosnia and Herzegovina.
- Kosovo.
- Moldova.
- Montenegro.
- North Macedonia.
- Russia.
What is currently considered the toughest privacy law in the world?
What is the GDPR? The EU general data protection regulation (GDPR) is the strongest privacy and security law in the world. This regulation updated and modernised the principles of the 1995 data protection directive.
What is the highest penalty for a breach of the GDPR?
For especially severe violations, listed in Art. 83(5) GDPR, the fine framework can be up to 20 million euros, or in the case of an undertaking, up to 4 % of their total global turnover of the preceding fiscal year, whichever is higher. But even the catalogue of less severe violations in Art.
Who was fined $20 million for breaching GDPR?
The Information Commissioner's Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers.
Why was Meta fined 1.2 billion?
...Meta's sanction is for breaching conditions set out in the pan-EU regulation governing transfers of personal data to so-called third countries (in this case the US) without ensuring adequate protections for people's information...
What is the biggest fine ever paid?
Binance Violates the Banking Secrecy Act — $4.3 Billion
The monitor will examine Binance's accounts and transactions, certifying that the company complies with U.S. federal regulations. The Binance fine is the largest penalty in the history of the U.S. Treasury Department.
What is the world's largest hack?
11 Biggest Cybersecurity Attacks in History
- Log4J Vulnerability. Date: 2021. ...
- Colonial Pipeline Ransomware Attack. Date: 2021. ...
- Yahoo Hacks. Date: 2013 & 2014. ...
- Attack on Saudi Aramco. Date: 2012. ...
- PlayStation Network Hack. Date: 2011. ...
- Heartland Payment Systems. Date: 2008. ...
- CardersMarket Hacks. Date: 2007. ...
- DoD & NASA Hacks. Date: 2000.
Has the US government ever been hacked?
One of the most significant cyberattacks on the U.S. government occurred in 2015 when hackers, believed to be connected to China, infiltrated the Office of Personnel Management. This breach compromised sensitive information of over 22 million current and former federal employees.
What is the largest data breach ever?
10 Most Impactful Data Breaches Ever
- Yahoo – 3,000,000,000 records lost. ...
- National Public Data – 2,900,000,000 records lost. ...
- River City Media – 1,370,000,000 records lost. ...
- Aadhaar – 1,100,000,000 records lost. ...
- Indian Council of Medical Research (ICMR) – 815,000,000 records lost. ...
- Spambot – 711,000,000 records lost.
What is the maximum penalty that can be applied in the event of non-compliance with the European Regulation?
Lower-tier fines: A maximum fine of up to €10 million or 2% of the prior financial year's annual global turnover, whichever is higher. Higher-tier fines: A maximum fine of up to €20 million or 4% of the prior financial year's annual global turnover, whichever is higher.
Is GDPR stricter than CCPA?
Which is stricter—CCPA or GDPR? The GDPR generally includes more rigorous requirements than the CCPA. It imposes higher financial penalties for violations, requires a lawful basis for processing personal data, defines broader data subject rights, and has more comprehensive age-of-consent protections.
Who gets the money from GDPR fines?
Who gets the money from GDPR fines in the UK? All fines collected by the ICO go to HM Treasury's Consolidated Fund to be spent on health and social care, education, policing and justice, and the like. The money collected from the annual data protection fee that data controllers must pay is used to fund the ICO's work.
Which company has received a privacy violation fine of more than $1 million?
California Privacy Protection Agency issues record $1.35 million fine against Tractor Supply Company. On September 30, 2025, the California Privacy Protection Agency (CPPA) announced a record $1.35 million settlement with Tractor Supply Company for violations of the California Consumer Privacy Act (CCPA).
What are some famous GDPR breach examples?
- Meta's 1.2 billion euro fine: The cross-border data transfer debacle.
- Google's violation of GDPR's right to be forgotten.
- Twitter's failure to notify the breach.
- Cathay Pacific: A wake-up call for the industry.
- TIM S.P.A – failure to uphold data subjects' rights.
How to avoid GDPR fines?
Checklist: How to avoid GDPR fines
- Obtain freely given, specific, informed, and unambiguous consent, and make it as easy to withdraw as to give.
- Collect and process data only for a defined, legitimate purpose.
- Collect and store only the minimum amount of data needed for the purpose.
What is the average GDPR fine?
For GDPR, there is a published cross-country average of about €2.36 million per fine over 2018 to 2025. For CCPA and CPRA, statutes specify per-violation amounts, so we discuss typical settlement sizes and how per-person counting multiplies cost.
What is the GDPR fine for Microsoft?
After the Irish data protection authority DPC had already imposed a fine of 91 million euros on Meta in September, it followed suit against LinkedIn in October: The Microsoft-owned company has to pay 310 million euros for serious data protection violations.
Which country has the best legal system in the world?
The top 35 countries (out of 142 listed countries) for the rule of law according to WJP in 2024 are:
- Denmark.
- Norway.
- Finland.
- Sweden.
- Germany.
- New Zealand.
- Luxembourg.
- Netherlands.
Which country respects privacy the most?
Best Countries for Privacy and Security
- Switzerland. Switzerland is considered one of the most privacy-focused countries in the world. ...
- Iceland. Iceland has become a privacy haven due to its strong data protection laws and its stance on online freedom. ...
- Norway. ...
- Romania. ...
- Panama. ...
- Sweden.
Is the USA a GDPR country?
The GDPR is the law governing data privacy in the 27 countries of the European Union, plus Iceland, Liechtenstein, and Norway. Unlike U.S. data privacy laws, the GDPR applies uniformly to all entities―small or large, public or private―that handle personal information.