GDPR enforcement in 2023
558 decisions · €457.1M total fines · ← 2022 · 2024 →
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2023-11-06 | DIGI SPAIN TELECOM, S.L. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €200,000 |
| 2023-11-06 | Private individual Insufficient cooperation with supervisory authority | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 58 | €400 |
| 2023-11-06 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €300 |
| 2023-11-06 | Private individual Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13 | €240 |
| 2023-11-03 | OTP BANK ROMANIA SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |
| 2023-11-03 | SINDICATO LIBRE DE TRANSPORTES Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €2,000 |
| 2023-11-03 | Homeowners' association Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €600 |
| 2023-11-03 | Hotel Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €600 |
| 2023-11-02 | INSTITUT MARQUÉS OBSTETRICIA I GINECOLOGIA, S.L.P. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32Art. 34 | €48,000 |
| 2023-11-02 | APOLLONIA TOPCO, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 38 | €30,000 |
| 2023-11-02 | Voorschoten municipality Non-compliance with general data processing principles | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 5Art. 6Art. 14 | €30,000 |
| 2023-10-31 | Private individual Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €300 |
| 2023-10-31 | Private individual Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13 | €180 |
| 2023-10-30 | Private individual Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €240 |
| 2023-10-28 | Private individual Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €10,000 |
| 2023-10-27 | Homeowners Association Insufficient cooperation with supervisory authority | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 58 | €500 |
| 2023-10-26 | CAIXABANK, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 25Art. 32 | €5,000,000 |
| 2023-10-26 | Region of Lombardy Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 2 | €20,000 |
| 2023-10-26 | Ophthalmologic institute Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €7,000 |
| 2023-10-26 | Homeowner administrator Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €1,000 |
| 2023-10-26 | UPMOBILE SOLUTIONS, S.L. Insufficient cooperation with supervisory authority | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 58 | €500 |
| 2023-10-25 | ENDESA ENERGÍA, S.A.U. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32Art. 33Art. 34 | €6,100,000 |
| 2023-10-25 | SC Spark Car Sharing SRL Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 7 | €1,000 |
| 2023-10-25 | BILBAO AD INFINITUM, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €500 |
| 2023-10-24 | Mensajero SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €3,000 |