4 min read

Writen by Adam

Posted on: January 19, 2021

The biggest GDPR fines of 2020 (and how to avoid them)

Breaching the GDPR can cost you up to €20 million, or 4% of annual global turnover, whichever is highest. This means you want to avoid fines wherever possible.

We have compiled the three biggest GPDR related fines of 2020 to show you what went wrong, and how you can avoid making these costly errors.

3. Google LLC – Fined €7m

  • The Data Protection Authority of Sweden fined Google LLC €7m due to insufficient fulfilment of the rights of data subjects.
  • Google had not properly removed search results that it had been ordered to delete in 2017. Google was also criticised for informing the website owners that their site was to be removed. This allowed them to create a new URL and be found through Google searches.

GDPR Breaches: GDPR article 5, 6 and 17 other breaches

2. Eni Gas e Luce (Gel) – Fined €11.5m

  • In Italy, Eni Gas e Luce (Egl) was fined twice for illegal processing of personal data and activating unsolicited contracts.
  • The first fine, €8.5m, was for unlawful processing of personal data for telemarketing and telesales purposes. This included a lack of consent and data subjects being unable to opt-out, as well as storing the data for much longer than necessary.
  • The second fine, €3m, was for not telling existing customers about a new contract, and these customers also accused Egl of forging their signatures and false information.

GDPR Breaches: GDPR article 5, 6, 7, 21 and 32 other breaches

1. TIM – Fined €27.8m

  • Telecoms provider TIM sent thousands of unsolicited online communications without the consent of its data subjects. Many of these data subjects had chosen to opt-out of these communications, but still received them. One individual reported they had been contacted over 150 times in one month.
  • TIM also retained data from their subjects for over ten years, which breaks both GDPR and their own company policy!
  • Data subjects were unable to properly consent as they were left unsure about how their data would actually be used.
  • Lastly, TIM did alert the DPA about data breaches, however it failed to meet the 72-hour deadline.

GDPR Breaches: GDPR article 5, 6, 7, 17, 21 and 32 other breaches

So how could these companies have avoided these fines?

Quite simply, by following the six key data protection principles;

  1. Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality

Each of these companies stored data for far too long, did not provide clear means of obtaining consent, or did not listen to the instructions of the relevant countries Data Protection Acts. These are easy mistakes to avoid when acting in accordance with GDPR, yet they still carry hefty penalties, even for small businesses.

Here at GDPRlocal, we’re here to help you avoid common mistakes like these. With our expert advice, we’ll work with you to ensure your business is on track for full GDPR compliancy. To get started, simply register for an account at and receive our “Get Started With GDPR” project planning white paper.

To learn more about our bespoke GDPR compliancy services, or if you have any further question, do not hesitate to contact us at: [email protected] or call anytime on 01772 217800

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.

Contact Us

Recent blogs

EU AI Act Summary: Key Compliance Insights for Businesses

The EU AI Act is a pioneering attempt to regulate AI systems, striving for a balance between foster

AI Act: Fundamental Rights Impact Assessments (FRIA) – Who, When, Why, and How to Ensure Ethical AI Deployment

The European Union (EU) has positioned itself as a leader in shaping the responsible development an

How the Privacy Act Protects Personal Information in Australia

 As cyber threats loom larger and data breaches become more common, the significance of strong

Get Your Account Now

Setup in just a few minutes. Enter your company details and choose the services you need.

Create Account

Get In Touch

Not sure which option to choose? Call, email, chat to us

Contact Us

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.

Full Name is required!

Business Email is required!

Company is required!

Please accept the Terms and Conditions and Privacy Policy