GDPR enforcement in 2021
531 decisions · €1.3B total fines · ← 2020 · 2022 →
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2021-12-02 | Ica s.r.l. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €30,000 |
| 2021-12-02 | Società Med Store Saronno s.r.l. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €7,000 |
| 2021-12-02 | Azienda USL di Parma Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €5,000 |
| 2021-12-02 | IMAGINA FRAN SPORT, S.L. Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13 | €2,000 |
| 2021-12-01 | LUXEMBOURG DPA: Non-compliance with general data processing principles Non-compliance with general data processing principles | 🇪🇺 National Commission for Data Protection (CNPD) | Art. 5Art. 13 | €6,800 |
| 2021-12-01 | INTRODUCTION BUSINESS CAPITAL MEDIA, S.L. Insufficient fulfilment of data subjects rights | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 48Art. 21Art. 23 | €5,000 |
| 2021-12-01 | Pactum Poland Sp. z o.o. Insufficient cooperation with supervisory authority | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 31Art. 58 | €4,000 |
| 2021-11-30 | DAVISER SERVICIOS, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €20,000 |
| 2021-11-30 | ASOCIACIÓN ESPAÑOLA PARA LA ENSEÑANZA ONLINE Insufficient fulfilment of data subjects rights | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 17Art. 21 | €5,000 |
| 2021-11-30 | ASOCIACIÓN ESPAÑOLA PARA LA ENSEÑANZA ONLINE Insufficient fulfilment of data subjects rights | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 17Art. 21 | €5,000 |
| 2021-11-30 | Neighborhood community Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €1,500 |
| 2021-11-29 | UAB Prime Leasing Insufficient technical and organisational measures to ensure information security | 🇪🇺 Lithuanian Data Protection Authority (VDAI) | Art. 32 | €110,000 |
| 2021-11-29 | TIGERS MARKET, S.L. Insufficient fulfilment of data subjects rights | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 48Art. 21Art. 23 | €4,000 |
| 2021-11-29 | Restaurant owner Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13 | €1,000 |
| 2021-11-26 | Valoris Center S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 29Art. 32 | €2,000 |
| 2021-11-25 | Dutch Minister of Finance Insufficient legal basis for data processing | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 5Art. 6Art. 8 | €2,750,000 |
| 2021-11-25 | Cabinet Office Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32 | €585,000 |
| 2021-11-25 | B&T S.p.A. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 13 | €400,000 |
| 2021-11-25 | Aimon Srl Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 21 | €200,000 |
| 2021-11-25 | Società H San Raffaele Resnati s.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €6,000 |
| 2021-11-24 | Norwegian State Pension Fund (SPK) Insufficient legal basis for data processing | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 5Art. 6Art. 9 | €98,000 |
| 2021-11-24 | UNIÓN FINANCIERA ASTURIANA S.A. E.F.C. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €9,000 |
| 2021-11-23 | Icelandic Ministry of Industry and Innovation Non-compliance with general data processing principles | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 6Art. 7Art. 13 | €51,000 |
| 2021-11-23 | Vodafone España, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €40,000 |
| 2021-11-23 | Vodafone España, SAU Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €40,000 |