GDPR enforcement in 2023
558 decisions · €457.1M total fines · ← 2022 · 2024 →
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2023-12-07 | Physician Non-compliance with general data processing principles | 🇪🇺 Cypriot Data Protection Commissioner | Art. 5 | €1,500 |
| 2023-12-07 | Sirio S.p.A. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 13 | €1,000 |
| 2023-12-06 | City of Kópavogur Non-compliance with general data processing principles | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 24Art. 28 | €20,000 |
| 2023-12-06 | City of Hafnarfjörður Non-compliance with general data processing principles | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 24Art. 28 | €18,600 |
| 2023-12-06 | Reykjanesbær municipality Non-compliance with general data processing principles | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 24Art. 28 | €16,600 |
| 2023-12-06 | Garðabær municipality Non-compliance with general data processing principles | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 24Art. 28 | €16,600 |
| 2023-12-06 | City of Reykjavik Non-compliance with general data processing principles | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 24Art. 28 | €13,300 |
| 2023-12-01 | UNIPREX, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €30,000 |
| 2023-11-30 | Limit Call S.r.l.s. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €60,000 |
| 2023-11-30 | A R.L Spartan Gym Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 114 | €3,000 |
| 2023-11-30 | Techno Security s.r.l. Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 12Art. 15 | €1,000 |
| 2023-11-30 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €600 |
| 2023-11-28 | Östersund Municipality's Department for Children and Education Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden | Art. 35 | €26,500 |
| 2023-11-27 | Norwegian Labor and Welfare Administration Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 5Art. 24Art. 25Art. 32 | €1,700,000 |
| 2023-11-27 | SUMINISTRADOR IBÉRICO DE ENERGÍA, S.L. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €50,000 |
| 2023-11-24 | Pharmacy owner Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €10,000 |
| 2023-11-24 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €300 |
| 2023-11-23 | Alpha Bank Insufficient fulfilment of data subjects rights | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 12Art. 15 | €10,000 |
| 2023-11-22 | VODAFONE ESPAÑA, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €56,000 |
| 2023-11-22 | Open University of Cyprus Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 5Art. 32 | €45,000 |
| 2023-11-22 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €400 |
| 2023-11-21 | EASYJET AIRLINE COMPANY LIMITED Insufficient fulfilment of data subjects rights | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 15 | €8,000 |
| 2023-11-21 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €180 |
| 2023-11-20 | Private individual Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €10,000 |
| 2023-11-20 | Libra Internet Bank SA Insufficient cooperation with supervisory authority | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 58 | €1,500 |