GDPR enforcement in 2020
414 decisions · €172.0M total fines · ← 2019 · 2021 →
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2020-12-09 | SPAIN DPA: Non-compliance with general data processing principles Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €10,000 |
| 2020-12-09 | Smart Cities Sp. z o.o. Insufficient cooperation with supervisory authority | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 31Art. 58 | €2,850 |
| 2020-12-07 | Perfomeclic Insufficient legal basis for data processing | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5Art. 14Art. 21Art. 28 | €7,300 |
| 2020-12-03 | Capio St. Göran AB Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €2,900,000 |
| 2020-12-03 | Aleris Sjukvård AB Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €1,463,000 |
| 2020-12-03 | Aleris Sjukvård AB Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €1,168,000 |
| 2020-12-03 | Karolinska University Hospital of Solna Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €390,100 |
| 2020-12-03 | Sahlgrenska University Hospital Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €341,300 |
| 2020-12-03 | Östergötland Region Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €243,800 |
| 2020-12-03 | Västerbotten Region Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €243,800 |
| 2020-12-03 | Municipality of Indre Østfold Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 6Art. 32 | €18,840 |
| 2020-12-03 | Dr Marín Cirugia Plástica, S.L.P. Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13 | €2,400 |
| 2020-12-02 | Losada Advocats S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €10,000 |
| 2020-12-02 | Servicio de Alojamientos Responsables, S.L. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €6,000 |
| 2020-12-02 | Asociación de Víctimas por Arbitrariedades Judiciales, (JAVA) Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €5,000 |
| 2020-12-02 | Comercio Online Levante, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €3,000 |
| 2020-12-01 | Südameapteegi e-apteek Insufficient legal basis for data processing | 🇪🇺 Estonian Data Protection Authority (AKI) | Art. 5Art. 6 | €100,000 |
| 2020-12-01 | Apotheka e-apteek Insufficient legal basis for data processing | 🇪🇺 Estonian Data Protection Authority (AKI) | Art. 5Art. 6 | €100,000 |
| 2020-12-01 | Azeta.ee e-apteek Insufficient legal basis for data processing | 🇪🇺 Estonian Data Protection Authority (AKI) | Art. 5Art. 6 | €100,000 |
| 2020-12-01 | Legal Person Insufficient fulfilment of data subjects rights | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 15 | €800 |
| 2020-11-30 | Legal Person Insufficient fulfilment of data subjects rights | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 17 | €2,000 |
| 2020-11-30 | Legal Person Insufficient fulfilment of data subjects rights | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 17 | €1,200 |
| 2020-11-27 | Private Individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €1,200 |
| 2020-11-26 | Concentrix Cvg Italy s.r.l. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9 | €20,000 |
| 2020-11-26 | Reti Televisive Italiane S.p.a. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5 | €10,000 |