Skip to content

GDPR enforcement in 2023

558 decisions · €457.1M total fines · ← 2022 · 2024 →

Date ↓ Company / party Authority Articles Fine
2023-04-13 Comune di Cogollo del Cengio
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9Art. 2 €3,000
2023-04-13 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €300
2023-04-12 Aldi
Non-compliance with general data processing principles
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) €253,000
2023-04-07 REGENCY COMPANY SRL
Non-compliance with general data processing principles
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6 €3,000
2023-04-06 Secretary of the Central Election Commission Konstantin Ninov
Insufficient legal basis for data processing
🇪🇺 Bulgarian Commission for Personal Data Protection (KZLD) Art. 6 €770
2023-04-05 Private individual
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €300
2023-04-04 TikTok
Non-compliance with general data processing principles
🇪🇺 Information Commissioner (ICO) Art. 5Art. 12Art. 13 €14,500,000
2023-04-04 BANCO BILBAO VIZCAYA ARGENTARIA, S.A.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6Art. 15 €84,000
2023-04-04 ENFOKA SISTEMAS GLOBALES, S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €18,000
2023-04-04 Company
Insufficient fulfilment of information obligations
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 12Art. 13 €13,300
2023-04-04 Real Federación Española de Tenis de Mesa
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 9 €10,000
2023-04-04 Tensa Art Design SRL
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 21 €3,000
2023-04-03 ATRESMEDIA CORPORACIÓN DE MEDIOS DE COMUNICACIÓN, S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €50,000
2023-04-03 20 MINUTOS EDITORA, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €50,000
2023-04-03 Private individual
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €300
2023-03-30 LISMARTSA, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,800
2023-03-27 Private individual
Insufficient legal basis for data processing
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6 €450
2023-03-24 INMARAN ASESORES S.L.
Insufficient cooperation with supervisory authority
🇪🇺 Spanish Data Protection Authority (aepd) Art. 58 €1,000
2023-03-24 ALI MARKET
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13Art. 30 €360
2023-03-23 Orange Espagne S.A.U.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €70,000
2023-03-23 La Risorsa Umana.it s.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 28 €40,000
2023-03-23 Bolzano municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 25Art. 32Art. 33 €30,000
2023-03-23 Informatica Alto Adige Spa
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €10,000
2023-03-23 Tehnoplus Industry SRL
Non-compliance with general data processing principles
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6 €5,000
2023-03-23 Azienda socio-sanitaria locale n. 1 di Sassari
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €4,000