European Economic Area (EEA) data protection bosses slapped 190 fines amounting to 410m euros last year but inconsistencies in the fines have been shown to exist.
Most slap happy is Italy with 30 actions under its belt, followed by Spain (28) and Romania (20). But the UK levied the heaviest fines, chalking up sanctions worth 312m euros (76% of the total).
These figures are drawn from analysis by clever clogs at Federprivacy who also uncovered evidence of potential double standards in how fines are handled nation by nation.
Federprivacy's Chairman Nicola Bernardi stated: "Even though GDPR has laid the groundwork for more consistent legislation in the EU about personal data protection, the report points out a double standard in imposing sanctions among the authorities.
"The one in the UK, for example, has already fined British Airways and Marriot heavily, while in Ireland no sanction has been imposed yet, even though there are huge technological corporations in this country.
"We hope this one-stop-shop system will not unfairly favour corporations like Facebook, Twitter, Amazon and Google. We await the outcome of 19 different investigations in Ireland."
The most frequently fined violations are the illicit use of personal data (44%), poor security (18%), absent or not adequate information (9%), lack of respect for the right of people involved (13%) and computer accidents or other data breaches (9%).