Skip to content

GDPR enforcement in 2022

603 decisions · €519.9M total fines · ← 2021 · 2023 →

Date ↓ Company / party Authority Articles Fine
2022-01-01 DW Dynamic Works LIMITED
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 32 €5,000
2022-01-01 PRINTAFORM Ltd.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 28Art. 32 €3,750
2022-01-01 Universal Life Insurance Public Co Ltd.
Insufficient data processing agreement
🇪🇺 Cypriot Data Protection Commissioner Art. 24Art. 28 €3,500
2022-01-01 Company
Insufficient legal basis for data processing
🇪🇺 Czech Data Protection Auhtority (UOOU) €3,400
2022-01-01 Covid-19 test center
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hamburg Art. 32 €2,700
2022-01-01 Credit institution
Insufficient legal basis for data processing
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 6Art. 5 €2,700
2022-01-01 MALTA DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 24Art. 32 €2,500
2022-01-01 Oroklini Municipal Council
Insufficient cooperation with supervisory authority
🇪🇺 Cypriot Data Protection Commissioner Art. 31 €2,000
2022-01-01 Covid-19 test center
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Hessen Art. 5Art. 6 €1,800
2022-01-01 Physician
Insufficient fulfilment of data subjects rights
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 5Art. 12Art. 13 €1,600
2022-01-01 Physician
Insufficient cooperation with supervisory authority
🇪🇺 Cypriot Data Protection Commissioner Art. 31 €1,500
2022-01-01 Covid-19 test center
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Hamburg Art. 6 €1,400
2022-01-01 Dentist
Non-compliance with general data processing principles
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) €1,400
2022-01-01 Website operator
Insufficient fulfilment of data subjects rights
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 5Art. 12Art. 31 €1,300
2022-01-01 Covid-19 test center
Insufficient fulfilment of data subjects rights
🇪🇺 Data Protection Authority of Hamburg Art. 17 €1,000
2022-01-01 Physician
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hamburg Art. 32 €1,000
2022-01-01 Police officer
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Hessen €800
2022-01-01 Restaurant
Unknown
🇪🇺 Data Protection Authority of Baden-Wuerttemberg €500
2022-01-01 Private individual
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Niedersachsen Art. 6 €500
2022-01-01 Police officer
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Hessen €300
2022-01-01 Sports photography company
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Berlin Art. 5Art. 6
2022-01-01 Data protection officer
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Thüringen Art. 6
2022-01-01 Credit agency
Insufficient fulfilment of data subjects rights
🇪🇺 Data Protection Authority of Berlin Art. 15
2022-01-01 Operator of a swimming pool
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Brandenburg Art. 6
2022-01-01 Bank
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Brandenburg Art. 28Art. 32