GDPR enforcement in 2021

531 decisions · €1.3B total fines

Date Company / party Authority Articles Fine
2021-12-31 Google LLC
Insufficient legal basis for data processing
🇪🇺 French Data Protection Authority (CNIL) Art. 82 €90,000,000
2021-12-31 Facebook Ireland Ltd.
Insufficient legal basis for data processing
🇪🇺 French Data Protection Authority (CNIL) Art. 82 €60,000,000
2021-12-31 Google Ireland Ltd.
Insufficient legal basis for data processing
🇪🇺 French Data Protection Authority (CNIL) Art. 82 €60,000,000
2021-12-31 INFO COMMUNICATION SERVICES
Insufficient fulfilment of information obligations
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 13, Art. 14, Art. 11 €30,000
2021-12-31 PLUS REAL ADVERTISEMENT
Insufficient fulfilment of information obligations
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 13, Art. 14, Art. 11 €25,000
2021-12-29 Greek Ministry of Tourism
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 13, Art. 32, Art. 33, Art. 37 €75,000
2021-12-28 FREE MOBILE
Insufficient fulfilment of data subjects rights
🇪🇺 French Data Protection Authority (CNIL) Art. 12, Art. 15, Art. 21, Art. 25 €300,000
2021-12-28 SLIMPAY
Insufficient technical and organisational measures to ensure information security
🇪🇺 French Data Protection Authority (CNIL) Art. 28, Art. 32, Art. 34 €180,000
2021-12-28 REAL CLUB NÁUTICO DE RIBADEO
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (AEPD) Art. 6 €6,000
2021-12-28 VENTANAS MAKE YOURSELF, S.L.
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (AEPD) Art. 13 €2,000
2021-12-28 Call shop manager
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (AEPD) Art. 13 €2,000
2021-12-26 Medical clinic
Insufficient fulfilment of information obligations
🇪🇺 Deputy Data Protection Ombudsman Art. 5, Art. 12, Art. 13, Art. 15 €5,000
2021-12-23 LA OFICINA BAR
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (AEPD) Art. 5 €1,500
2021-12-22 HUBSIDE IBÉRICA S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (AEPD) Art. 6 €5,000
2021-12-22 Sfam España General s.l.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (AEPD) Art. 6 €5,000
2021-12-21 Lisbon City Council
Insufficient legal basis for data processing
🇪🇺 Portuguese Data Protection Authority (CNPD) Art. 5, Art. 6, Art. 9, Art. 13 €1,250,000
2021-12-21 Private individual
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (AEPD) Art. 6 €6,000
2021-12-21 FUNDACION ESPANOLA DE MEDICINA ESTETICA Y LONGEVIDAD
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (AEPD) Art. 7, Art. 13 €2,000
2021-12-17 ASL Latina
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5, Art. 6, Art. 9 €10,000
2021-12-17 CLUB DEPORTIVO RITMO DE ANDALUCÍA
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (AEPD) Art. 7, Art. 13 €4,000
2021-12-17 T. Stene Transport AS
Unknown
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) €3,900
2021-12-17 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (AEPD) Art. 5 €2,000
2021-12-17 Online retailer
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (AEPD) Art. 6 €2,000
2021-12-16 Ubi Banca spa
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5 €100,000
2021-12-16 Bank
Insufficient involvement of data protection officer
🇪🇺 Belgian Data Protection Authority (APD) Art. 38 €75,000