5 min read

Writen by Zlatko Delev

Posted on: November 1, 2022

What are the Leading Causes for Individual GDPR Fines?

At least 65 private individuals have received fines for GDPR violations in the EU since 2018.

The total number of GDPR fines since the law came into force in 2018 is 1,186, but only large fines against major corporations tend to make the news. 

Still, private citizens can just as easily end up in court for data privacy violations. Below are the most common ways individuals ended up receiving fines for breaking GDPR. 


The report found that the majority of GDPR violations made by private citizens were related to their use of CCTV. 

CCTV for private homes is legal, as long as public spaces and others’ private property is not recorded. This included public roads and pavements and neighbor’s property. 

The Spanish Data Protection Authority fined a private citizen 3,000 euros for their CCTV which covered public spaces.

The individuals was not only fined for the use of the cameras, but for not properly informing the public of the camera’s presence. 

By covering any public spaces with personal surveillance cameras, a person automatically becomes a ‘data controller’ under GDPR law. 

In the UK, a private citizen was sued over the camera found in their smart doorbell, which was found to cover public spaces and their neighbor’s property, breaching data laws. 

The landmark case caused the ICO to issue new guidance on domestic CCTV use. 

Those using surveillance equipment were advised to only record their own private property, but if this was not possible, to make the public aware of the presence of the CCTVs, limit its use, delete footage, and respond to access requests from those filmed.

Social Media Pictures 

Consent is the main theme of GDPR violations, and nowhere is this more pertinent than in social media. 

A Spanish individual was fined 6,000 euros for sharing a video on social media of other individuals without their consent. As the faces were not pixelated, the individual would have required consent to post the video. 

Even posting random people in public earned one photographer a fine, who had to pay 800 euros after posting pictures of strangers at the beach.

Dashcam Footage 

A German citizen was fined for posting dashcam footage on youtube. 

UK law concerning personal dashcams appears to differ from Europe, perhaps because a display of personal dashcam footage on the wider web has not been challenged yet.

The ICO, as of 2021, states that only company dashcams need to worry about GDPR. 

Unsolicited Emails 

Unsolicited emails tend to be considered an issue for businesses, but private individuals can be fined as well. A German citizen was fined 2,500 euros for sending emails that allowed recipients to view other user’s email addresses.


GDPR law treats catfishing as a case of identity theft, allowing individuals to sue those who use their personal data for impersonation purposes. 

An individual in Ireland was fined for using someone’s personal photos to impersonate them on Tinder and Whatsapp.

GDPR: A Personal Issue 

Since 2018, GDPR fines have amassed to over two billion euros, with the largest fine being 746,000 euros levied against Amazon in Luxembourg. 

Though the large company violations and fines make the headlines, it is important to remember that GDPR laws affect private individuals as well. 

As the UK government works on branching away from GDPR and creating a new data protection framework, it is important to consider how these changes will affect personal data collection. 

Private citizens in the UK should therefore stay up to date on these changing laws, both to protect their own data and ensure they comply with the regulations to avoid fines.

Source: Digit News ( )

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.

Contact Us

Recent blogs

EU AI Act Summary: Key Compliance Insights for Businesses

The EU AI Act is a pioneering attempt to regulate AI systems, striving for a balance between foster

AI Act: Fundamental Rights Impact Assessments (FRIA) – Who, When, Why, and How to Ensure Ethical AI Deployment

The European Union (EU) has positioned itself as a leader in shaping the responsible development an

How the Privacy Act Protects Personal Information in Australia

 As cyber threats loom larger and data breaches become more common, the significance of strong

Get Your Account Now

Setup in just a few minutes. Enter your company details and choose the services you need.

Create Account

Get In Touch

Not sure which option to choose? Call, email, chat to us

Contact Us

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.

Full Name is required!

Business Email is required!

Company is required!

Please accept the Terms and Conditions and Privacy Policy