GDPR enforcement in 2022
603 decisions · €519.9M total fines · ← 2021 · 2023 →
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2022-01-01 | DW Dynamic Works LIMITED Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 32 | €5,000 |
| 2022-01-01 | PRINTAFORM Ltd. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 28Art. 32 | €3,750 |
| 2022-01-01 | Universal Life Insurance Public Co Ltd. Insufficient data processing agreement | 🇪🇺 Cypriot Data Protection Commissioner | Art. 24Art. 28 | €3,500 |
| 2022-01-01 | Company Insufficient legal basis for data processing | 🇪🇺 Czech Data Protection Auhtority (UOOU) | €3,400 | |
| 2022-01-01 | Covid-19 test center Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hamburg | Art. 32 | €2,700 |
| 2022-01-01 | Credit institution Insufficient legal basis for data processing | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 6Art. 5 | €2,700 |
| 2022-01-01 | MALTA DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commissioner of Malta | Art. 24Art. 32 | €2,500 |
| 2022-01-01 | Oroklini Municipal Council Insufficient cooperation with supervisory authority | 🇪🇺 Cypriot Data Protection Commissioner | Art. 31 | €2,000 |
| 2022-01-01 | Covid-19 test center Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Hessen | Art. 5Art. 6 | €1,800 |
| 2022-01-01 | Physician Insufficient fulfilment of data subjects rights | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 5Art. 12Art. 13 | €1,600 |
| 2022-01-01 | Physician Insufficient cooperation with supervisory authority | 🇪🇺 Cypriot Data Protection Commissioner | Art. 31 | €1,500 |
| 2022-01-01 | Covid-19 test center Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Hamburg | Art. 6 | €1,400 |
| 2022-01-01 | Dentist Non-compliance with general data processing principles | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | €1,400 | |
| 2022-01-01 | Website operator Insufficient fulfilment of data subjects rights | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 5Art. 12Art. 31 | €1,300 |
| 2022-01-01 | Covid-19 test center Insufficient fulfilment of data subjects rights | 🇪🇺 Data Protection Authority of Hamburg | Art. 17 | €1,000 |
| 2022-01-01 | Physician Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hamburg | Art. 32 | €1,000 |
| 2022-01-01 | Police officer Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Hessen | €800 | |
| 2022-01-01 | Restaurant Unknown | 🇪🇺 Data Protection Authority of Baden-Wuerttemberg | €500 | |
| 2022-01-01 | Private individual Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Niedersachsen | Art. 6 | €500 |
| 2022-01-01 | Police officer Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Hessen | €300 | |
| 2022-01-01 | Sports photography company Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Berlin | Art. 5Art. 6 | — |
| 2022-01-01 | Data protection officer Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Thüringen | Art. 6 | — |
| 2022-01-01 | Credit agency Insufficient fulfilment of data subjects rights | 🇪🇺 Data Protection Authority of Berlin | Art. 15 | — |
| 2022-01-01 | Operator of a swimming pool Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Brandenburg | Art. 6 | — |
| 2022-01-01 | Bank Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Brandenburg | Art. 28Art. 32 | — |