The General Data Protection Regulation (GDPR) was implemented in the EU three years ago on May 25th. This legislation aimed to give the residents of the EU more control over their data and privacy.

According to the recent Atlas VPN team findings, the cumulative sum of the GDPR fines imposed on the EU countries over the past three years has reached €283,673,083 due to a total of 648 penalties against organizations violating the data protection law.

The biggest GDPR fine so far was issued in January 2019. The French regulator CNIL fined Google €50 million for failing to provide transparent information on its consent policies and the way it handles ad personalization.

After that, another massive increase in penalties happened between October 2019 and January 2020. Thus, since the start of GDPR, organizations have been fined a total of €100,711,612 due to 167 violations.

In 2020, from July to October, there was a significant increase in the sum of fines. It was because 3 out of 5 most enormous penalties of all time were issued in October.

Cybersecurity writer and researcher at Atlas VPN William Sword, said: “GDPR has empowered EU citizens to be more actively involved in what is happening with their data and understand their privacy rights. As for organizations, complying with data protection rules will create a more trustworthy environment between them and consumers. ”

GDPR violations in specific countries

Privacy regulators in each country were closely monitoring companies to make sure that people’s data is dealt with responsibly.

Italy has assessed the most significant sum of fines over three years — €76,271,601. So far, Italy has been penalized a total of 77 times.

France takes second place with €54,661,300 in fines. The largest part of the amount was made off of the previously mentioned Google fine.

In third place sits Germany, where GDPR violations have cost companies €49,186,833.

Even though Spain has slightly less in the total sum of fines — €29,521,410, they have had the most violations. More than one-third of all GDPR penalties (230) were imposed upon Spain.