Biggest GDPR fine to date
The biggest EU GDPR fine to date is €1.2 billion (about £1.04 billion), issued to Meta by Ireland’s Data Protection Commission in May 2023. Meta intends to appeal the ruling.
The EU GDPR has applied to the processing of EU residents’ personal data since 25 May 2018.
A new UK Data Protection Act took effect at the same time as the GDPR. It fills in sections of the Regulation that were left to individual member states to interpret and implement, and applies the GDPR’s provisions to certain areas that fell outside the Regulation’s scope, such as law enforcement processing and intelligence services processing.
Combined, the two laws granted greater data privacy rights to individuals and placed tougher obligations on organisations – all backed up by a system of fines and other regulatory penalties.
The UK GDPR superseded the EU Regulation in the UK on 31 December 2020, following the Brexit transition period.
UK organisations that process personal data must therefore comply with:
- The DPA 2018 and UK GDPR if they process only domestic personal data; or
- The DPA 2018 and UK GDPR, and the EU GDPR if they process the personal data of UK residents and offers goods and services to, or monitor the behaviour of, EU residents.
Learn more about the UK GDPR and DPA 2018
Learn more about the EU GDPR
Learn more about the difference between the EU GDPR and the UK GDPR/DPA 2018