Skip to content

GDPR enforcement in 2022

603 decisions · €519.9M total fines · ← 2021 · 2023 →

Date ↓ Company / party Authority Articles Fine
2022-01-27 Cosmote Mobile Telecommunications S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 13Art. 14Art. 25 €6,000,000
2022-01-27 OTE Group
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 32 €3,200,000
2022-01-27 T.S.M. s.r.l.
Insufficient fulfilment of data subjects rights
🇪🇺 Italian Data Protection Authority (Garante) Art. 13Art. 15Art. 21Art. 157 €40,000
2022-01-27 EU DisinfoLab
Non-compliance with general data processing principles
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 9Art. 12 €2,800
2022-01-27 Private club 'Ruian'
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13 €2,000
2022-01-27 Researcher
Non-compliance with general data processing principles
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 9Art. 12 €1,200
2022-01-26 Uppsala hospital board
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €152,000
2022-01-26 Uppsala regional board
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 32 €28,500
2022-01-26 Slane Credit Union Ltd.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 24Art. 28Art. 30 €5,000
2022-01-21 Website operator
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €2,000
2022-01-21 Property Owner Community
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,200
2022-01-20 Kaufland România SCS
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 15 €3,000
2022-01-19 Fortum Marketing and Sales Polska S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 24Art. 25Art. 28 €1,000,000
2022-01-19 Santander Bank Polska S. A.
Insufficient fulfilment of data breach notification obligations
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 34 €117,000
2022-01-19 PIKA Sp. z o.o.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 28Art. 32 €53,000
2022-01-18 VODAFONE ESPAÑA, S.A.U.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €56,000
2022-01-18 GARLEX SOLUTIONS, S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €15,000
2022-01-17 C-Planet (IT Solutions) Limited
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 5Art. 6Art. 9Art. 14 €65,000
2022-01-17 MEETING PUERTO C.B.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €2,000
2022-01-17 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,500
2022-01-14 REWE International AG
Unknown
🇪🇺 Austrian Data Protection Authority (dsb) €8,000,000
2022-01-14 DPG Media Magazines B.V.
Insufficient fulfilment of data subjects rights
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 12 €525,000
2022-01-14 PHARMA TALENTS, S.L.U.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €2,400
2022-01-14 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,500
2022-01-13 Azienda sanitaria unica regionale Marche
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32Art. 35 €14,000