Skip to content

GDPR enforcement in 2023

558 decisions · €457.1M total fines · ← 2022 · 2024 →

Date ↓ Company / party Authority Articles Fine
2023-02-01 Tensa Art Design SA
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 21 €1,000
2023-01-31 Dentist
Insufficient legal basis for data processing
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 6Art. 9 €1,000
2023-01-31 Dent Estet Clinic SA
Insufficient fulfilment of data breach notification obligations
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 33 €1,000
2023-01-31 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €600
2023-01-31 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €600
2023-01-31 SPAIN DPA: Insufficient fulfilment of information obligations
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €180
2023-01-27 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €300
2023-01-26 Political Party
Insufficient legal basis for data processing
🇪🇺 Bulgarian Commission for Personal Data Protection (KZLD) Art. 6 €12,800
2023-01-26 Azienda Ospedaliera Bianchi Melacrino Morelli
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32Art. 75 €7,000
2023-01-26 Misterbianco municipality
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 2 €5,000
2023-01-26 Azienda ULSS n.5 Polesana
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €5,000
2023-01-25 Company
Insufficient cooperation with supervisory authority
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 31Art. 58 €4,100
2023-01-25 CASAL DE L'ESPLUGA DE FRANCOLÍ
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €3,000
2023-01-25 SPAIN DPA: Insufficient fulfilment of information obligations
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €180
2023-01-24 Company
Insufficient fulfilment of data subjects rights
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 5Art. 15 €8,000
2023-01-23 Centric Health Ltd.
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 32 €460,000
2023-01-20 TECNO MOTOR LA MUELA, S.L.L
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €360
2023-01-20 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €300
2023-01-19 WhatsApp Ireland Ltd.
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Ireland Art. 6Art. 12Art. 13 €5,500,000
2023-01-19 Dutch Social Insurance Institution (SVB)
Insufficient technical and organisational measures to ensure information security
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 32 €150,000
2023-01-19 BANCO BILBAO VIZCAYA ARGENTARIA, S.A
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €56,000
2023-01-19 Szczecin-Centrum District Court
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 24Art. 25Art. 32 €6,400
2023-01-18 Private investigator
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €2,000
2023-01-18 Dante Internațional SA
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 17 €1,000
2023-01-17 Dalarna Region
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 32 €17,900