GDPR enforcement in 2020
414 decisions · €172.0M total fines · ← 2019 · 2021 →
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2020-12-30 | ING Bank N.V. Amsterdam - Bucharest office Insufficient legal basis for data processing | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6 | €3,000 |
| 2020-12-29 | Qualitance QBS SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €1,000 |
| 2020-12-28 | Towarzystwo Ubezpieczeń i Reasekuracji WARTA S.A. Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33Art. 34 | €18,930 |
| 2020-12-23 | BELGIUM DPA: Insufficient fulfilment of data subjects rights Insufficient fulfilment of data subjects rights | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 14Art. 12Art. 15Art. 5 | €50,000 |
| 2020-12-23 | BELGIUM DPA: Insufficient fulfilment of data subjects rights Insufficient fulfilment of data subjects rights | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 14Art. 12Art. 6Art. 5 | €15,000 |
| 2020-12-22 | Iberdrola Clientes, SAU Insufficient fulfilment of data subjects rights | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 48Art. 21Art. 23 | €6,000 |
| 2020-12-22 | S.C. C&V Water Control S.A. Insufficient cooperation with supervisory authority | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 58 | €2,000 |
| 2020-12-21 | Banco Bilbao Vizcaya Argentaria, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €36,000 |
| 2020-12-20 | Locatefamily.com Non-compliance with general data processing principles | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 27 | €525,000 |
| 2020-12-18 | Legal Person Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 6Art. 14 | €26,710 |
| 2020-12-18 | Legal Person Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 6Art. 14 | €12,910 |
| 2020-12-18 | Legal Person Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 6Art. 14 | €11,830 |
| 2020-12-18 | Legal Person Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 6Art. 14 | €11,430 |
| 2020-12-18 | Legal Person Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 6Art. 14 | €11,430 |
| 2020-12-18 | Legal Person Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 6Art. 14 | €10,070 |
| 2020-12-18 | Legal Person Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 6Art. 14 | €9,420 |
| 2020-12-18 | Legal Person Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 6Art. 14 | €8,800 |
| 2020-12-18 | Legal Person Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 6Art. 14 | €8,800 |
| 2020-12-18 | Legal Person Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 6Art. 14 | €8,340 |
| 2020-12-18 | Legal Person Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 6Art. 14 | €8,100 |
| 2020-12-18 | Legal Person Insufficient fulfilment of data subjects rights | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 17 | €200 |
| 2020-12-17 | Roma Capitale (Rome Municipality) Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 14Art. 28 | €500,000 |
| 2020-12-17 | ID Finance Poland Sp. z o.o. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 32 | €235,300 |
| 2020-12-17 | Banca Transilvania SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 32 | €100,000 |
| 2020-12-17 | Azienda Unità Sanitaria Locale Toscana Sud Est Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 14Art. 28 | €100,000 |
1–25 of 414 next →