GDPR enforcement in 2023
558 decisions · €457.1M total fines · ← 2022 · 2024 →
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2023-10-23 | Oney Servicios Financieros E.F.C. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €50,000 |
| 2023-10-23 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €600 |
| 2023-10-20 | BANCO BILBAO VIZCAYA ARGENTARIA, S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 25Art. 32 | €800,000 |
| 2023-10-20 | DANTE INTERNATIONAL SA Insufficient legal basis for data processing | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 6 | €1,000 |
| 2023-10-19 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €500 |
| 2023-10-18 | Insurance company Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33 | €24,000 |
| 2023-10-18 | UNIQUE HOTEL APARTMENT S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €2,000 |
| 2023-10-18 | FESTINA LOTUS S.A. Insufficient fulfilment of data subjects rights | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 17 | €600 |
| 2023-10-17 | H&M Hennes & Mauritz GBC AB Insufficient fulfilment of data subjects rights | 🇪🇺 Data Protection Authority of Sweden | Art. 12Art. 21 | €30,000 |
| 2023-10-15 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €600 |
| 2023-10-12 | GROUPE CANAL + Insufficient fulfilment of data subjects rights | 🇪🇺 French Data Protection Authority (CNIL) | Art. 7Art. 12Art. 13Art. 14 | €600,000 |
| 2023-10-12 | Scionti Selezioni Superiori S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €70,000 |
| 2023-10-12 | Azienda socio sanitaria territoriale di Lodi CF Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €40,000 |
| 2023-10-11 | Private individual Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6Art. 13 | €5,300 |
| 2023-10-11 | GREECE DPA: Non-compliance with general data processing principles Non-compliance with general data processing principles | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5 | €1,000 |
| 2023-10-11 | ALBEN AIRPORT FACILITIES S.L. Insufficient cooperation with supervisory authority | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 58 | €500 |
| 2023-10-11 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €300 |
| 2023-10-10 | ILUNION SEGURIDAD, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €15,000 |
| 2023-10-10 | NORDETIA CLINICS MÓSTOLES S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €1,500 |
| 2023-10-09 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €4,000 |
| 2023-10-09 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €500 |
| 2023-10-08 | Link4 Towarzystwo Ubezpieczeń S. A. Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33 | €24,000 |
| 2023-10-05 | Debt collection company Insufficient legal basis for data processing | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 5Art. 6Art. 12Art. 13 | €5,470,000 |
| 2023-10-05 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €500 |
| 2023-10-03 | Schockholm School borard Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 6Art. 13 | €70,000 |