Skip to content

GDPR enforcement in 2023

558 decisions · €457.1M total fines · ← 2022 · 2024 →

Date ↓ Company / party Authority Articles Fine
2023-12-07 Physician
Non-compliance with general data processing principles
🇪🇺 Cypriot Data Protection Commissioner Art. 5 €1,500
2023-12-07 Sirio S.p.A.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 13 €1,000
2023-12-06 City of Kópavogur
Non-compliance with general data processing principles
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 24Art. 28 €20,000
2023-12-06 City of Hafnarfjörður
Non-compliance with general data processing principles
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 24Art. 28 €18,600
2023-12-06 Reykjanesbær municipality
Non-compliance with general data processing principles
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 24Art. 28 €16,600
2023-12-06 Garðabær municipality
Non-compliance with general data processing principles
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 24Art. 28 €16,600
2023-12-06 City of Reykjavik
Non-compliance with general data processing principles
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 24Art. 28 €13,300
2023-12-01 UNIPREX, S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €30,000
2023-11-30 Limit Call S.r.l.s.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €60,000
2023-11-30 A R.L Spartan Gym
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 114 €3,000
2023-11-30 Techno Security s.r.l.
Insufficient fulfilment of data subjects rights
🇪🇺 Italian Data Protection Authority (Garante) Art. 12Art. 15 €1,000
2023-11-30 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €600
2023-11-28 Östersund Municipality's Department for Children and Education
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden Art. 35 €26,500
2023-11-27 Norwegian Labor and Welfare Administration
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 5Art. 24Art. 25Art. 32 €1,700,000
2023-11-27 SUMINISTRADOR IBÉRICO DE ENERGÍA, S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €50,000
2023-11-24 Pharmacy owner
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €10,000
2023-11-24 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €300
2023-11-23 Alpha Bank
Insufficient fulfilment of data subjects rights
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 12Art. 15 €10,000
2023-11-22 VODAFONE ESPAÑA, S.A.U.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €56,000
2023-11-22 Open University of Cyprus
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 5Art. 32 €45,000
2023-11-22 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €400
2023-11-21 EASYJET AIRLINE COMPANY LIMITED
Insufficient fulfilment of data subjects rights
🇪🇺 Spanish Data Protection Authority (aepd) Art. 15 €8,000
2023-11-21 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €180
2023-11-20 Private individual
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €10,000
2023-11-20 Libra Internet Bank SA
Insufficient cooperation with supervisory authority
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 58 €1,500