May 23, 2023

The GDPR is a serious matter and the sanctions concern everyone. None excluded.

List of penalties for violating the GDPR. It's not just about giants like Google or Facebook, but you too.

Since the General Data Protection Regulation (GDPR) came into effect, media attention has predominantly focused with their news and releases on the multimillion-dollar fines imposed on tech giants such as Google and Facebook. No one has ever spent two words on the current Mario Rossi, which in fact does not exist in the collective imagination, because after all, only large corporations receive fines and not small professionals.

The decision to exclusively mention the sanctioning activities against these large corporations is mainly due to editorial choices and effective headlines capable of involving public opinion and interest, as well as finding paying clicks.

To stay on the subject, yesterday's news in which Facebook was fined for 1,2 billion euros is still fresh.

Facebook GDPR sanction

La Irish Data Protection Commission (Ie Dpa), come on task of the EU Data Protection Authority Edpb, Has fined Meta for 1,2 billion euros for violating European standards on data protection (Gdpr) with his social network Facebook. The penalty is the highest imposed by a data protection regulator in Europe.

Meta, who intends to appeal, was fined for "continuing to transfer personal data" of users from the European Economic Area to the United States in violation of the relevant European standards.

Meta it must also “suspend any transfer of personal data to the United States within five months” from the notification of the decision and must comply with the GDPR within six months.

This focus has created a false belief: the feeling, among many, is that privacy authorities, including the Italian Data Protection Authority, are primarily interested in sanctioning these massive corporations.

In fact, this couldn't be further from the truth.

The GDPR is a European regulation that aims to strengthen and unify data protection for all people within the European Union (EU). It replaces the 1995 data protection directive and introduces strict rules on data protection and data processing. It also provides for heavy penalties for violations, regardless of the size of the entity committing them.

But let's get back to our focus. In an era where Software as a Service (SaaS) and Platform as a Service (PaaS) solutions are increasingly popular, many small and medium-sized businesses, freelancers and even individuals use services that are not GDPR compliant.

For example, image optimization plugins relying on Content Delivery Networks (CDN) of companies based in the United States, without European branches, or hosting services based in San Francisco.

This is because many people mistakenly assume that fines for violating the GDPR only apply to large companies. Yet the truth is that these sanctions affect everyone, without exception.

At this point, a clarification should be made, as well as tangible proof of the above: there is in fact a website called Enforcement Tracker which gives an overview of the fines and penalties that data protection authorities within the EU have imposed under the GDPR. The aim is to keep the list as up-to-date as possible, even if not all fines are made public; thus, the list can never be complete.

Enforcement Tracker

Browsing the site and applying the filter for Italy, we see that 1844 sanctions have been registered for entities of all sizes: joint-stock companies, limited liability companies, freelancers and even individuals. Fines vary in amount, with many hovering around €1000. This is a clear indication that, if necessary, sanctions are applied to everyone, without distinction.

Example of GDPR sanctions

So, with this awareness, hopefully we can have a more realistic view of the problem than the one conveyed and implied by the media. It is essential to weigh each implementation decision, considering compliance with the GDPR as an indispensable requirement and not as a detail reserved only for the giants of the technology sector.

Remember, GDPR is serious business and penalties affect everyone. None excluded and even if you want to risk a violation of the same you must be well aware that the problem concerns you too.

Do you have doubts? Don't know where to start? Contact us!

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.


Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.


Managed Server Srl is a leading Italian player in providing advanced GNU/Linux system solutions oriented towards high performance. With a low-cost and predictable subscription model, we ensure that our customers have access to advanced technologies in hosting, dedicated servers and cloud services. In addition to this, we offer systems consultancy on Linux systems and specialized maintenance in DBMS, IT Security, Cloud and much more. We stand out for our expertise in hosting leading Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Joomla, OpenCart and Magento, supported by a high-level support and consultancy service suitable for Public Administration, SMEs and any size.

Red Hat, Inc. owns the rights to Red Hat®, RHEL®, RedHat Linux®, and CentOS®; AlmaLinux™ is a trademark of AlmaLinux OS Foundation; Rocky Linux® is a registered trademark of the Rocky Linux Foundation; SUSE® is a registered trademark of SUSE LLC; Canonical Ltd. owns the rights to Ubuntu®; Software in the Public Interest, Inc. holds the rights to Debian®; Linus Torvalds holds the rights to Linux®; FreeBSD® is a registered trademark of The FreeBSD Foundation; NetBSD® is a registered trademark of The NetBSD Foundation; OpenBSD® is a registered trademark of Theo de Raadt. Oracle Corporation owns the rights to Oracle®, MySQL®, and MyRocks®; Percona® is a registered trademark of Percona LLC; MariaDB® is a registered trademark of MariaDB Corporation Ab; REDIS® is a registered trademark of Redis Labs Ltd. F5 Networks, Inc. owns the rights to NGINX® and NGINX Plus®; Varnish® is a registered trademark of Varnish Software AB. Adobe Inc. holds the rights to Magento®; PrestaShop® is a registered trademark of PrestaShop SA; OpenCart® is a registered trademark of OpenCart Limited. Automattic Inc. owns the rights to WordPress®, WooCommerce®, and JetPack®; Open Source Matters, Inc. owns the rights to Joomla®; Dries Buytaert holds the rights to Drupal®. Amazon Web Services, Inc. holds the rights to AWS®; Google LLC holds the rights to Google Cloud™ and Chrome™; Microsoft Corporation holds the rights to Microsoft®, Azure®, and Internet Explorer®; Mozilla Foundation owns the rights to Firefox®. Apache® is a registered trademark of The Apache Software Foundation; PHP® is a registered trademark of the PHP Group. CloudFlare® is a registered trademark of Cloudflare, Inc.; NETSCOUT® is a registered trademark of NETSCOUT Systems Inc.; ElasticSearch®, LogStash®, and Kibana® are registered trademarks of Elastic NV Hetzner Online GmbH owns the rights to Hetzner®; OVHcloud is a registered trademark of OVH Groupe SAS; cPanel®, LLC owns the rights to cPanel®; Plesk® is a registered trademark of Plesk International GmbH; Facebook, Inc. owns the rights to Facebook®. This site is not affiliated, sponsored or otherwise associated with any of the entities mentioned above and does not represent any of these entities in any way. All rights to the brands and product names mentioned are the property of their respective copyright holders. Any other trademarks mentioned belong to their registrants. MANAGED SERVER® is a trademark registered at European level by MANAGED SERVER SRL, Via Enzo Ferrari, 9, 62012 Civitanova Marche (MC), Italy.

Back to top