Skip to content

GDPR enforcement in 2020

414 decisions · €172.0M total fines · ← 2019 · 2021 →

Date ↓ Company / party Authority Articles Fine
2020-01-01 Clearview AI Inc.
Insufficient cooperation with supervisory authority
🇪🇺 Data Protection Authority of Hamburg Art. 58 €10,000
2020-01-01 LITHUANIA DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 5Art. 13Art. 24Art. 35 €8,000
2020-01-01 GERMANY DPA: Insufficient cooperation with supervisory authority
Insufficient cooperation with supervisory authority
🇪🇺 Data Protection Authority of Bavaria Art. 58 €7,000
2020-01-01 MALTA DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 5Art. 32 €5,000
2020-01-01 LIECHTENSTEIN DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Liechtenstein €4,100
2020-01-01 MALTA DPA: Insufficient fulfilment of data subjects rights
Insufficient fulfilment of data subjects rights
🇪🇺 Data Protection Commissioner of Malta Art. 13Art. 15 €4,000
2020-01-01 Television broadcaster
Insufficient fulfilment of information obligations
🇪🇺 Czech Data Protection Auhtority (UOOU) Art. 12 €3,850
2020-01-01 Restaurant
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Hamburg Art. 5 €3,000
2020-01-01 Mall.tv
Insufficient legal basis for data processing
🇪🇺 Czech Data Protection Auhtority (UOOU) Art. 5Art. 6 €2,700
2020-01-01 MALTA DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 32 €2,500
2020-01-01 MALTA DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 5Art. 32 €2,500
2020-01-01 MALTA DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 32 €2,500
2020-01-01 MALTA DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 32 €2,000
2020-01-01 CZECH REPUBLIC DPA: Insufficient fulfilment of data subjects rights
Insufficient fulfilment of data subjects rights
🇪🇺 Czech Data Protection Auhtority (UOOU) Art. 12Art. 15 €1,900
2020-01-01 Police officer
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Hamburg Art. 5Art. 6 €400
2020-01-01 Private healthcare provider
Insufficient technical and organisational measures to ensure information security
🇪🇺 Czech Data Protection Auhtority (UOOU) Art. 24Art. 32 €387
2020-01-01 Employee at a Covid 19 testing center
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Hessen Art. 5 €300
2020-01-01 Police officer
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Hamburg Art. 5Art. 6 €300
2020-01-01 CZECH REPUBLIC DPA: Insufficient legal basis for data processing
Insufficient legal basis for data processing
🇪🇺 Czech Data Protection Auhtority (UOOU) Art. 5
2020-01-01 Corporation
Insufficient fulfilment of data subjects rights
🇪🇺 Data Protection Authority of Hessen Art. 12Art. 15
2020-01-01 Ski rental company
Non-compliance with general data processing principles
🇪🇺 Czech Data Protection Auhtority (UOOU) Art. 5Art. 6Art. 7Art. 12
2020-01-01 Police officer
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Hamburg Art. 5Art. 6
2020-01-01 Operator of a ballet school
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Brandenburg Art. 5Art. 6Art. 7
2020-01-01 CZECH REPUBLIC DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 Czech Data Protection Auhtority (UOOU) Art. 5
2020-01-01 Restaurant
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hamburg Art. 32