Skip to content

GDPR enforcement in 2021

531 decisions · €1.3B total fines · ← 2020 · 2022 →

Date ↓ Company / party Authority Articles Fine
2021-12-02 Ica s.r.l.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €30,000
2021-12-02 Società Med Store Saronno s.r.l.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €7,000
2021-12-02 Azienda USL di Parma
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9 €5,000
2021-12-02 IMAGINA FRAN SPORT, S.L.
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €2,000
2021-12-01 LUXEMBOURG DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 National Commission for Data Protection (CNPD) Art. 5Art. 13 €6,800
2021-12-01 INTRODUCTION BUSINESS CAPITAL MEDIA, S.L.
Insufficient fulfilment of data subjects rights
🇪🇺 Spanish Data Protection Authority (aepd) Art. 48Art. 21Art. 23 €5,000
2021-12-01 Pactum Poland Sp. z o.o.
Insufficient cooperation with supervisory authority
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 31Art. 58 €4,000
2021-11-30 DAVISER SERVICIOS, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €20,000
2021-11-30 ASOCIACIÓN ESPAÑOLA PARA LA ENSEÑANZA ONLINE
Insufficient fulfilment of data subjects rights
🇪🇺 Spanish Data Protection Authority (aepd) Art. 17Art. 21 €5,000
2021-11-30 ASOCIACIÓN ESPAÑOLA PARA LA ENSEÑANZA ONLINE
Insufficient fulfilment of data subjects rights
🇪🇺 Spanish Data Protection Authority (aepd) Art. 17Art. 21 €5,000
2021-11-30 Neighborhood community
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,500
2021-11-29 UAB Prime Leasing
Insufficient technical and organisational measures to ensure information security
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 32 €110,000
2021-11-29 TIGERS MARKET, S.L.
Insufficient fulfilment of data subjects rights
🇪🇺 Spanish Data Protection Authority (aepd) Art. 48Art. 21Art. 23 €4,000
2021-11-29 Restaurant owner
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €1,000
2021-11-26 Valoris Center S.R.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 29Art. 32 €2,000
2021-11-25 Dutch Minister of Finance
Insufficient legal basis for data processing
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 5Art. 6Art. 8 €2,750,000
2021-11-25 Cabinet Office
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32 €585,000
2021-11-25 B&T S.p.A.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 13 €400,000
2021-11-25 Aimon Srl
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 21 €200,000
2021-11-25 Società H San Raffaele Resnati s.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9 €6,000
2021-11-24 Norwegian State Pension Fund (SPK)
Insufficient legal basis for data processing
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 5Art. 6Art. 9 €98,000
2021-11-24 UNIÓN FINANCIERA ASTURIANA S.A. E.F.C.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €9,000
2021-11-23 Icelandic Ministry of Industry and Innovation
Non-compliance with general data processing principles
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 6Art. 7Art. 13 €51,000
2021-11-23 Vodafone España, S.A.U.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €40,000
2021-11-23 Vodafone España, SAU
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €40,000