New research from cybersecurity specialists ESET reveals the countries that have handed out the biggest GDPR related fines, with Romania ranking third.
Rank |
Country |
Number of fines |
Average fine |
Total amount fined |
1 |
Spain |
273 |
€118,831 |
€32,440,810 |
2 |
Italy |
75 |
€1,126,584 |
€84,493,770 |
3 |
Romania |
60 |
€11,659 |
€699,550 |
4 |
Hungary |
43 |
€18,881 |
€811,883 |
5 |
Norway |
31 |
€49,527 |
€1,535,350 |
6 |
Germany |
28 |
€1,756,673 |
€49,186,833 |
7 |
Sweden |
26 |
€697,374 |
€18,131,730 |
8 |
Belgium |
25 |
€40,720 |
€1,018,000 |
9 |
Poland |
24 |
€86,242 |
€2,069,798 |
10 |
Bulgaria |
20 |
€160,535 |
€3,210,690 |
Romania’s average GDPR fine stands at a very modest €11,659, which is actually one of the lowest in Europe, but the nation has still racked up a large number of fines, placing it third on our list. The most notable was that of Raiffeisen Bank at €150,000 – which pales in comparison to the kinds of fines faced by major companies in other countries. Instead, the fines in Romania were often much lower, usually totalling just a couple of thousand Euros.
The GDPR (General Data Protection Regulation) came into effect in 2018, and in that time, a large number of organisations have fallen foul of its rules.
In fact, over 650 fines have been issued relating to GDPR violations, totalling more than €280 million in just over three years.
Rank |
Country |
Number of fines |
Average fine |
Total amount fined |
1 |
The Netherlands |
1 |
€450,000 |
€450,000 |
1 |
Isle Of Man |
1 |
€13,500 |
€13,500 |
1 |
Malta |
1 |
€5,000 |
€5,000 |
4 |
Slovakia |
2 |
Unknown |
Unknown |
4 |
Croatia |
2 |
Unknown |
Unknown |
6 |
Portugal |
4 |
€106,000 |
€424,000 |
6 |
Iceland |
4 |
€21,675 |
€86,700 |
8 |
United Kingdom |
5 |
€8,850,000 |
€44,250,000 |
8 |
Estonia |
5 |
€60,110 |
€300,548 |
8 |
Latvia |
5 |
€48,650 |
€243,250 |