Skip to main content

Global data risk

Bigger fines, more enforcement – global data privacy in the spotlight

For businesses around the world, personal data is incredibly valuable. Increasingly, it also attracts regulatory risk. Enforcement activity is on the rise globally, with the data privacy enforcement landscape in Europe shifting dramatically since the General Data Protection Regulation (GDPR) came into force.

In our Global privacy data risk update 2022, we identify the most active authorities and those that impose the biggest fines, as we monitor the enforcement developments in Europe and North America over the past 12 months. Building a global picture of data privacy enforcement, we take a deeper dive into developments at the EU and member state level, looking at fines issued under the GDPR, as well as penalties issued by authorities around the world.

Introduction and methodology

This study looks at all penalties levied by EU data protection authorities (DPAs) under the GDPR from its inception to April 2022. We have set this enforcement activity in context by compiling a list of the 100 biggest data privacy fines issued across Europe and North America between 2018 and April 2022. In Europe, our analysis includes penalties issued under member states’ national data protection and e-commerce laws.

This update follows our Global data privacy risk report 2021, which provided in-depth insight into the regional, national and legal trends around data privacy enforcement.