GDPR enforcement in 2023
558 decisions · €457.1M total fines · ← 2022 · 2024 →
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2023-10-02 | Cez Vânzare S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €1,000 |
| 2023-09-28 | Axpo Italia Spa Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 24 | €10,000,000 |
| 2023-09-28 | Salvator Mundi International Hospital s.r.l Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €60,000 |
| 2023-09-28 | Azienda Usl Toscana centro Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €50,000 |
| 2023-09-28 | Asl Napoli 3 Sud Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 25Art. 32 | €30,000 |
| 2023-09-28 | Ministero dell'Ambiente e della Sicurezza Energetica Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 2 | €5,000 |
| 2023-09-28 | Physician Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €5,000 |
| 2023-09-28 | Palombaro s.r.l. Insufficient fulfilment of information obligations | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13 | €3,000 |
| 2023-09-27 | CHINA CENTER LLEIDA Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13 | €420 |
| 2023-09-26 | DIGI SPAIN TELECOM, S.L. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €70,000 |
| 2023-09-26 | EUROPA PRESS DE CATALUNYA, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €30,000 |
| 2023-09-26 | RESTART ENERGY ONE S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €25,000 |
| 2023-09-26 | Hotel Insufficient legal basis for data processing | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 6Art. 13Art. 32Art. 38 | €15,000 |
| 2023-09-26 | Phyisician Non-compliance with general data processing principles | 🇪🇺 Austrian Data Protection Authority (dsb) | Art. 5Art. 9 | €10,000 |
| 2023-09-26 | Self Employed Person Insufficient fulfilment of data subjects rights | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 5Art. 13 | €1,040 |
| 2023-09-25 | Athens Urban Transport Organization Non-compliance with general data processing principles | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 25Art. 35 | €50,000 |
| 2023-09-25 | FEDERACIÓN DE BALONMANO DE CASTILLA LA MANCHA Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 9Art. 13 | €17,000 |
| 2023-09-25 | UAT Comuna Albeni Insufficient cooperation with supervisory authority | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 58 | €2,000 |
| 2023-09-25 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €600 |
| 2023-09-23 | CHATWITH.IO WORLDWIDE, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13Art. 22 | €12,000 |
| 2023-09-21 | Private individual Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €4,000 |
| 2023-09-21 | LUXEMBOURG DPA: Non-compliance with general data processing principles Non-compliance with general data processing principles | 🇪🇺 National Commission for Data Protection (CNPD) | Art. 5Art. 13 | €2,500 |
| 2023-09-21 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €300 |
| 2023-09-19 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €1,500 |
| 2023-09-19 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €600 |