Skip to content

GDPR enforcement in 2022

603 decisions · €519.9M total fines · ← 2021 · 2023 →

Date ↓ Company / party Authority Articles Fine
2022-04-07 Property owners' association
Insufficient cooperation with supervisory authority
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 58 €500
2022-04-05 Danske Bank
Non-compliance with general data processing principles
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 5 €1,300,000
2022-04-05 Bank of Ireland
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Ireland Art. 32Art. 33Art. 34 €463,000
2022-04-04 Brussels Airport Zaventem
Insufficient legal basis for data processing
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 9Art. 12 €200,000
2022-04-04 Brussels Airport Charleroi
Insufficient legal basis for data processing
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 9Art. 12 €100,000
2022-04-04 Ambuce Rescue Team
Insufficient legal basis for data processing
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 9 €20,000
2022-04-04 Piraeus Bank
Non-compliance with general data processing principles
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 33Art. 34 €10,000
2022-04-04 Mayor
Insufficient legal basis for data processing
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5 €5,000
2022-04-01 Company
Insufficient fulfilment of data subjects rights
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 15Art. 17 €7,500
2022-03-29 Workshop
Non-compliance with general data processing principles
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 5Art. 6Art. 13 €1,300
2022-03-28 Klarna Bank AB
Insufficient fulfilment of information obligations
🇪🇺 Data Protection Authority of Sweden Art. 5Art. 12Art. 13Art. 14 €720,000
2022-03-28 Condor SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €2,000
2022-03-25 Danish National Genome Center
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) Art. 36 €6,700
2022-03-25 Kaufland Romania SCS
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 15 €2,000
2022-03-24 Brav s.r.l.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €10,000
2022-03-23 POLAND DPA: Insufficient cooperation with supervisory authority
Insufficient cooperation with supervisory authority
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 31Art. 58 €490
2022-03-22 English School Cyprus
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 32 €4,000
2022-03-21 English School staff union (ESSA)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 32 €5,000
2022-03-15 Company
Insufficient legal basis for data processing
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 6Art. 13Art. 21 €9,700
2022-03-10 Tuckers Solicitors LLP
Non-compliance with general data processing principles
🇪🇺 Information Commissioner (ICO) Art. 5 €115,000
2022-03-10 Alfa Shipyard s.r.l.
Insufficient cooperation with supervisory authority
🇪🇺 Italian Data Protection Authority (Garante) Art. 58 €10,000
2022-03-10 Azienda USL Toscana Centro
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €10,000
2022-03-10 Agenzia Regionale per la Tutela dell'Ambiente dell'Abruzzo
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 10Art. 2 €8,000
2022-03-10 Azienda sanitaria provinciale di Caltanissetta
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 15 €6,000
2022-03-10 Operatorul Briza Land S.R.L.
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 15 €2,000