GDPR enforcement in 2023
558 decisions · €457.1M total fines · ← 2022 · 2024 →
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2023-12-27 | THE PHONE HOUSE SPAIN, S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €6,500,000 |
| 2023-12-23 | Private individual Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6Art. 13 | €3,500 |
| 2023-12-22 | Company Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5 | — |
| 2023-12-22 | Municipality Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | — | |
| 2023-12-22 | FRANCE DPA: Insufficient cooperation with supervisory authority Insufficient cooperation with supervisory authority | 🇪🇺 French Data Protection Authority (CNIL) | — | |
| 2023-12-22 | Candidate for parliamentary elections Insufficient fulfilment of data subjects rights | 🇪🇺 French Data Protection Authority (CNIL) | Art. 21 | — |
| 2023-12-21 | POLAND DPA: Insufficient cooperation with supervisory authority Insufficient cooperation with supervisory authority | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 31Art. 58 | €4,300 |
| 2023-12-21 | Company Insufficient fulfilment of information obligations | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13 | €2,000 |
| 2023-12-20 | Polish Minister of Health Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 25Art. 32Art. 34 | €23,000 |
| 2023-12-19 | District Court Krakow Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33Art. 34 | €2,300 |
| 2023-12-17 | Private individual Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6Art. 13 | €600 |
| 2023-12-17 | TITAN STRONG, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €400 |
| 2023-12-15 | Private individual Insufficient cooperation with supervisory authority | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 58 | €200 |
| 2023-12-13 | UK Ministry of Defense Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | €400,000 | |
| 2023-12-13 | Company Insufficient cooperation with supervisory authority | 🇪🇺 Polish National Personal Data Protection Office (UODO) | €5,500 | |
| 2023-12-12 | VACACIONES EDREAMS, S.L. Insufficient fulfilment of data subjects rights | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 15 | €10,000 |
| 2023-12-12 | AUSTRIA DPA: Insufficient fulfilment of data breach notification obligations Insufficient fulfilment of data breach notification obligations | 🇪🇺 Austrian Data Protection Authority (dsb) | Art. 31Art. 33 | €5,900 |
| 2023-12-12 | Kourou municipality Insufficient cooperation with supervisory authority | 🇪🇺 French Data Protection Authority (CNIL) | Art. 31Art. 37 | €5,000 |
| 2023-12-11 | Uber Technologies Inc.
Uber B.V. Insufficient fulfilment of information obligations | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 12Art. 13 | €10,000,000 |
| 2023-12-11 | Veranda Obor S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2023-12-07 | Azienda socio sanitaria territoriale nord Milano, C.F. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 25Art. 32 | €40,000 |
| 2023-12-07 | Hora Credit IFN SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 15Art. 32Art. 33 | €24,000 |
| 2023-12-07 | SOLAR PROGRESS, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €3,200 |
| 2023-12-07 | POLAND DPA: Insufficient cooperation with supervisory authority Insufficient cooperation with supervisory authority | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 31Art. 58 | €2,700 |
| 2023-12-07 | Mushtaq Rubina Kebabish Insufficient fulfilment of information obligations | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13 | €2,000 |
1–25 of 558 next →