Skip to content

GDPR enforcement in 2020

414 decisions · €172.0M total fines · ← 2019 · 2021 →

Date ↓ Company / party Authority Articles Fine
2020-12-09 SPAIN DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €10,000
2020-12-09 Smart Cities Sp. z o.o.
Insufficient cooperation with supervisory authority
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 31Art. 58 €2,850
2020-12-07 Perfomeclic
Insufficient legal basis for data processing
🇪🇺 French Data Protection Authority (CNIL) Art. 5Art. 14Art. 21Art. 28 €7,300
2020-12-03 Capio St. Göran AB
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €2,900,000
2020-12-03 Aleris Sjukvård AB
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €1,463,000
2020-12-03 Aleris Sjukvård AB
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €1,168,000
2020-12-03 Karolinska University Hospital of Solna
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €390,100
2020-12-03 Sahlgrenska University Hospital
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €341,300
2020-12-03 Östergötland Region
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €243,800
2020-12-03 Västerbotten Region
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €243,800
2020-12-03 Municipality of Indre Østfold
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 6Art. 32 €18,840
2020-12-03 Dr Marín Cirugia Plástica, S.L.P.
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €2,400
2020-12-02 Losada Advocats S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €10,000
2020-12-02 Servicio de Alojamientos Responsables, S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €6,000
2020-12-02 Asociación de Víctimas por Arbitrariedades Judiciales, (JAVA)
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €5,000
2020-12-02 Comercio Online Levante, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €3,000
2020-12-01 Südameapteegi e-apteek
Insufficient legal basis for data processing
🇪🇺 Estonian Data Protection Authority (AKI) Art. 5Art. 6 €100,000
2020-12-01 Apotheka e-apteek
Insufficient legal basis for data processing
🇪🇺 Estonian Data Protection Authority (AKI) Art. 5Art. 6 €100,000
2020-12-01 Azeta.ee e-apteek
Insufficient legal basis for data processing
🇪🇺 Estonian Data Protection Authority (AKI) Art. 5Art. 6 €100,000
2020-12-01 Legal Person
Insufficient fulfilment of data subjects rights
🇪🇺 Czech Data Protection Auhtority (UOOU) Art. 15 €800
2020-11-30 Legal Person
Insufficient fulfilment of data subjects rights
🇪🇺 Czech Data Protection Auhtority (UOOU) Art. 17 €2,000
2020-11-30 Legal Person
Insufficient fulfilment of data subjects rights
🇪🇺 Czech Data Protection Auhtority (UOOU) Art. 17 €1,200
2020-11-27 Private Individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,200
2020-11-26 Concentrix Cvg Italy s.r.l.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9 €20,000
2020-11-26 Reti Televisive Italiane S.p.a.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5 €10,000