Skip to content

GDPR enforcement in 2023

558 decisions · €457.1M total fines · ← 2022 · 2024 →

Date ↓ Company / party Authority Articles Fine
2023-10-02 Cez Vânzare S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €1,000
2023-09-28 Axpo Italia Spa
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 24 €10,000,000
2023-09-28 Salvator Mundi International Hospital s.r.l
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9 €60,000
2023-09-28 Azienda Usl Toscana centro
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €50,000
2023-09-28 Asl Napoli 3 Sud
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 25Art. 32 €30,000
2023-09-28 Ministero dell'Ambiente e della Sicurezza Energetica
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9Art. 2 €5,000
2023-09-28 Physician
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9 €5,000
2023-09-28 Palombaro s.r.l.
Insufficient fulfilment of information obligations
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13 €3,000
2023-09-27 CHINA CENTER LLEIDA
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €420
2023-09-26 DIGI SPAIN TELECOM, S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €70,000
2023-09-26 EUROPA PRESS DE CATALUNYA, S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €30,000
2023-09-26 RESTART ENERGY ONE S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €25,000
2023-09-26 Hotel
Insufficient legal basis for data processing
🇪🇺 Croatian Data Protection Authority (azop) Art. 6Art. 13Art. 32Art. 38 €15,000
2023-09-26 Phyisician
Non-compliance with general data processing principles
🇪🇺 Austrian Data Protection Authority (dsb) Art. 5Art. 9 €10,000
2023-09-26 Self Employed Person
Insufficient fulfilment of data subjects rights
🇪🇺 Czech Data Protection Auhtority (UOOU) Art. 5Art. 13 €1,040
2023-09-25 Athens Urban Transport Organization
Non-compliance with general data processing principles
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 25Art. 35 €50,000
2023-09-25 FEDERACIÓN DE BALONMANO DE CASTILLA LA MANCHA
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 9Art. 13 €17,000
2023-09-25 UAT Comuna Albeni
Insufficient cooperation with supervisory authority
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 58 €2,000
2023-09-25 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €600
2023-09-23 CHATWITH.IO WORLDWIDE, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13Art. 22 €12,000
2023-09-21 Private individual
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €4,000
2023-09-21 LUXEMBOURG DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 National Commission for Data Protection (CNPD) Art. 5Art. 13 €2,500
2023-09-21 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €300
2023-09-19 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €1,500
2023-09-19 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €600