Skip to content

GDPR enforcement in 2023

558 decisions · €457.1M total fines · ← 2022 · 2024 →

Date ↓ Company / party Authority Articles Fine
2023-12-27 THE PHONE HOUSE SPAIN, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €6,500,000
2023-12-23 Private individual
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6Art. 13 €3,500
2023-12-22 Company
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) Art. 5
2023-12-22 Municipality
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL)
2023-12-22 FRANCE DPA: Insufficient cooperation with supervisory authority
Insufficient cooperation with supervisory authority
🇪🇺 French Data Protection Authority (CNIL)
2023-12-22 Candidate for parliamentary elections
Insufficient fulfilment of data subjects rights
🇪🇺 French Data Protection Authority (CNIL) Art. 21
2023-12-21 POLAND DPA: Insufficient cooperation with supervisory authority
Insufficient cooperation with supervisory authority
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 31Art. 58 €4,300
2023-12-21 Company
Insufficient fulfilment of information obligations
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13 €2,000
2023-12-20 Polish Minister of Health
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 25Art. 32Art. 34 €23,000
2023-12-19 District Court Krakow
Insufficient fulfilment of data breach notification obligations
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 33Art. 34 €2,300
2023-12-17 Private individual
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6Art. 13 €600
2023-12-17 TITAN STRONG, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €400
2023-12-15 Private individual
Insufficient cooperation with supervisory authority
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 58 €200
2023-12-13 UK Ministry of Defense
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) €400,000
2023-12-13 Company
Insufficient cooperation with supervisory authority
🇪🇺 Polish National Personal Data Protection Office (UODO) €5,500
2023-12-12 VACACIONES EDREAMS, S.L.
Insufficient fulfilment of data subjects rights
🇪🇺 Spanish Data Protection Authority (aepd) Art. 15 €10,000
2023-12-12 AUSTRIA DPA: Insufficient fulfilment of data breach notification obligations
Insufficient fulfilment of data breach notification obligations
🇪🇺 Austrian Data Protection Authority (dsb) Art. 31Art. 33 €5,900
2023-12-12 Kourou municipality
Insufficient cooperation with supervisory authority
🇪🇺 French Data Protection Authority (CNIL) Art. 31Art. 37 €5,000
2023-12-11 Uber Technologies Inc. Uber B.V.
Insufficient fulfilment of information obligations
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 12Art. 13 €10,000,000
2023-12-11 Veranda Obor S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €3,000
2023-12-07 Azienda socio sanitaria territoriale nord Milano, C.F.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 25Art. 32 €40,000
2023-12-07 Hora Credit IFN SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 15Art. 32Art. 33 €24,000
2023-12-07 SOLAR PROGRESS, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €3,200
2023-12-07 POLAND DPA: Insufficient cooperation with supervisory authority
Insufficient cooperation with supervisory authority
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 31Art. 58 €2,700
2023-12-07 Mushtaq Rubina Kebabish
Insufficient fulfilment of information obligations
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13 €2,000