Skip to main content

GDPR enforcement in 2023

Recently, in May of this year, GDPR turned 5. So, are EU countries enforcing it? What are its real life effects on companies and regular people? First, let’s look at some outstanding incidents of GDPR enforcement in 2023. Then, we’ll review what we can learn from them.

Who enforces GDPR?

Each EU member state has its own data protection authority (DPA) or agency.  Essentially, these authorities are responsible for overseeing and enforcing GDPR compliance within its jurisdiction. To this end, they investigate complaints, issue fines and provide data privacy guidance.

Indeed, local data protection authorities can provide a wealth of resources for companies. It’s a good idea to browse your local agency’s website for the most up-to-date compliance information for your area.

Together, these agencies form an umbrella organisation called the European Data Protection Board (EDPB). For its part, the EDPB helps all EU data authorities act as one to make sure everyone’s rights are protected. Further, it can weigh in on the interpretation of data protection and intervene when key legal issues are at stake.

GDPR enforcement statistics 2023

Almost 300 GDPR fines have been reported so far in 2023, according to the website Here are some highlights about fines that got our attention:

  • Spain had the heaviest enforcement, with 147 fines leveled in the last 8 months
  • The highest fine over all went to Meta Platforms, for €1,200,000,000
  • The highest fine for an EU company was €40,000,000 (CRITEO)
  • Fines for small businesses in Europe ranged from €300 to €215,000

Let’s look at some details about these fines.

Get our Newsletter!

In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.

When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.

Who is getting GDPR fines, and why?

Moving on to the types of companies fined, these included:

  • Banks
  • Gyms
  • Grocers
  • Movers
  • Estate agents
  • Insurance companies
  • Marketing companies, and more.

Now, let’s shift our focus to the what led to the fines. For example, some common violations that caught our eye were:

  • Storing personal data of registered users indefinitely
  • A privacy policy with no information about withdrawing consent
  • Incomplete records of processing activities
  • Failure to respond to data rights requests
  • Failure to notify breaches within 72 hours

Usually, small and medium businesses are not caught committing egregious abuses of people’s data on a large scale. Instead, they simply fail to put basic GDPR framework and policies in place. Unfortunately, this leaves them vulnerable to breaches and unprepared to respond when they occur.

Want to clean up your emails for sensitive information?

With an analysis scan by DataMapper, you can have all Outlook accounts in your company scanned. You will receive key statistics on all (current and former) employees' emails - including information on which emails, employees and processes generate GDPR risk.

What can we learn from GDPR statistics?

After reviewing GDPR enforcement data for 2023, it’s clear that the same issues we see the average company struggling with are, in fact, causing data privacy violations and fines. Therefore, it pays to focus your attention on a few key compliance tasks.

Such as:

  • Updating your privacy policies
  • Deleting data you no longer need
  • Monitoring your data storage
  • Responding promptly to data rights requests

Of course, the specific needs of each company are different. However, any company that processes personal data should stay on top of the tasks above.

Usually, your difficulty as a small business owner is, first and foremost, a lack of time, resources and training to get started. Then, going forward, you may have a hard time monitoring you everyday compliance.

Unlike larger companies, you probably do not have a legal team on retainer or the budget for complicated enterprise solutions. That’s why, at Safe Online we’ve created simple, affordable GDPR compliance tools designed for small businesses.

Would you like a free GDPR analysis to help find your companies weak spots and correct them?

Book a free GDPR analysis.

Sebastian Allerelli

Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →