GDPR enforcement in 2024
318 decisions · €148.0M total fines · ← 2023 · 2025 →
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2024-12-23 | Panek SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 32 | €357,000 |
| 2024-12-23 | LÍNEA DIRECTA ASEGURADORA, S.A. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6Art. 28 | €300,000 |
| 2024-12-23 | Coolblue B.V Insufficient legal basis for data processing | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 5Art. 6 | €40,000 |
| 2024-12-23 | HSSERVICE LIZCON SOLUTIONS, S.L. Insufficient cooperation with supervisory authority | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 58 | €15,000 |
| 2024-12-23 | CRIDOLMA BARCELONA S.L. Insufficient cooperation with supervisory authority | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 58 | €9,000 |
| 2024-12-23 | AUTOMOCIÓN 1972, S.L. Insufficient cooperation with supervisory authority | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 58 | €2,000 |
| 2024-12-23 | ENERGY WINNER, S.L. Insufficient cooperation with supervisory authority | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 58 | €600 |
| 2024-12-20 | LIGA NACIONAL DE FÚTBOL PROFESIONAL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 35 | €1,000,000 |
| 2024-12-18 | Company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 38Art. 30Art. 35 | €135,600 |
| 2024-12-18 | ATRIUM LEX SFC Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13Art. 32 | €100,000 |
| 2024-12-17 | Sambla Group Oy Insufficient technical and organisational measures to ensure information security | 🇪🇺 Deputy Data Protection Ombudsman | Art. 5Art. 25Art. 32 | €950,000 |
| 2024-12-17 | Hospital Insufficient technical and organisational measures to ensure information security | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 24Art. 32Art. 35 | €200,000 |
| 2024-12-16 | INTERURBANA DE AUTOBUSES, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €70,000 |
| 2024-12-14 | Torre Annunziata municipality Insufficient involvement of data protection officer | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 37 | €2,000 |
| 2024-12-14 | Maddaloni municipality Insufficient involvement of data protection officer | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 37 | €2,000 |
| 2024-12-12 | CAIXABANK, S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 25 | €3,500,000 |
| 2024-12-12 | Physician Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 2 | €20,000 |
| 2024-12-11 | Granit Bostad Beritsholm AB Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 6Art. 13 | €18,400 |
| 2024-12-10 | GENERALI ESPAÑA, SOCIEDAD ANONIMA DE SEGUROS Y REASEGUROS Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 25Art. 32Art. 35 | €4,000,000 |
| 2024-12-03 | Private individual Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13 | €300 |
| 2024-11-27 | E.ON Energia spa Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €892,783 |
| 2024-11-27 | Lyngby-Taarbæk Municipality Insufficient technical and organisational measures to ensure information security | 🇪🇺 Danish Data Protection Authority (Datatilsynet) | — | |
| 2024-11-26 | Netflix International B.V. Insufficient fulfilment of information obligations | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 5Art. 12Art. 13Art. 15 | €4,750,000 |
| 2024-11-26 | Hospital Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33Art. 34 | €6,900 |
| 2024-11-22 | CARTONAJES BAÑERES, S.A Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 15Art. 35 | €220,000 |
1–25 of 318 next →