GDPR enforcement in 2020
414 decisions · €172.0M total fines · ← 2019 · 2021 →
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2020-11-26 | Charly Mike s.r.l. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13 | €3,000 |
| 2020-11-25 | Miraclia Telecomunicaciones S.L. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6Art. 13Art. 14 | €40,000 |
| 2020-11-25 | Gnosjö Municipality Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 6Art. 13Art. 35 | €19,500 |
| 2020-11-25 | Private Individual Insufficient legal basis for data processing | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 6Art. 25 | €1,500 |
| 2020-11-24 | City of Stockholm Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €394,000 |
| 2020-11-24 | Dada Creation S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32Art. 33 | €5,000 |
| 2020-11-23 | Burgo Group S.p.A Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13 | €20,000 |
| 2020-11-23 | Recambios Villalegre S.L. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6Art. 13 | €12,000 |
| 2020-11-23 | Vodafone România SA Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 15Art. 17 | €4,000 |
| 2020-11-19 | Vodafone España, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €36,000 |
| 2020-11-19 | Legal Person Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 6Art. 12 | €4,800 |
| 2020-11-18 | Carrefour France Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5Art. 12Art. 13Art. 15 | €2,250,000 |
| 2020-11-18 | Carrefour Banque Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5 | €800,000 |
| 2020-11-18 | Anmavas 61, S.L. Insufficient cooperation with supervisory authority | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 58 | €2,000 |
| 2020-11-18 | HUNGARY DPA: Non-compliance with general data processing principles Non-compliance with general data processing principles | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 5 | €28 |
| 2020-11-17 | Provincial Health Authority of Cosenza Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 9 | €30,000 |
| 2020-11-17 | Comune di Collegno Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 12Art. 13Art. 14 | €2,000 |
| 2020-11-16 | Vodafone España, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €42,000 |
| 2020-11-16 | Homeowners Association Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €1,600 |
| 2020-11-13 | Ticketmaster UK Limited Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32 | €1,405,000 |
| 2020-11-13 | BELGIUM DPA: Non-compliance with general data processing principles Non-compliance with general data processing principles | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 12Art. 13 | €1,500 |
| 2020-11-12 | Vodafone Italia S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 15 | €12,251,601 |
| 2020-11-11 | Telecoms provider (1&1 Telecom GmbH) Insufficient technical and organisational measures to ensure information security | 🇪🇺 The Federal Commissioner for Data Protection and Freedom of Information (BfDI) | Art. 32 | €900,000 |
| 2020-11-11 | Vodafone España, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €42,000 |
| 2020-11-10 | Miguel Ibáñez Bezanilla, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13Art. 32 | €3,000 |