Skip to content

GDPR enforcement in 2024

318 decisions · €148.0M total fines · ← 2023 · 2025 →

Date ↓ Company / party Authority Articles Fine
2024-12-23 Panek SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 32 €357,000
2024-12-23 LÍNEA DIRECTA ASEGURADORA, S.A.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6Art. 28 €300,000
2024-12-23 Coolblue B.V
Insufficient legal basis for data processing
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 5Art. 6 €40,000
2024-12-23 HSSERVICE LIZCON SOLUTIONS, S.L.
Insufficient cooperation with supervisory authority
🇪🇺 Spanish Data Protection Authority (aepd) Art. 58 €15,000
2024-12-23 CRIDOLMA BARCELONA S.L.
Insufficient cooperation with supervisory authority
🇪🇺 Spanish Data Protection Authority (aepd) Art. 58 €9,000
2024-12-23 AUTOMOCIÓN 1972, S.L.
Insufficient cooperation with supervisory authority
🇪🇺 Spanish Data Protection Authority (aepd) Art. 58 €2,000
2024-12-23 ENERGY WINNER, S.L.
Insufficient cooperation with supervisory authority
🇪🇺 Spanish Data Protection Authority (aepd) Art. 58 €600
2024-12-20 LIGA NACIONAL DE FÚTBOL PROFESIONAL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 35 €1,000,000
2024-12-18 Company
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 38Art. 30Art. 35 €135,600
2024-12-18 ATRIUM LEX SFC
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13Art. 32 €100,000
2024-12-17 Sambla Group Oy
Insufficient technical and organisational measures to ensure information security
🇪🇺 Deputy Data Protection Ombudsman Art. 5Art. 25Art. 32 €950,000
2024-12-17 Hospital
Insufficient technical and organisational measures to ensure information security
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 24Art. 32Art. 35 €200,000
2024-12-16 INTERURBANA DE AUTOBUSES, S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €70,000
2024-12-14 Torre Annunziata municipality
Insufficient involvement of data protection officer
🇪🇺 Italian Data Protection Authority (Garante) Art. 37 €2,000
2024-12-14 Maddaloni municipality
Insufficient involvement of data protection officer
🇪🇺 Italian Data Protection Authority (Garante) Art. 37 €2,000
2024-12-12 CAIXABANK, S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 25 €3,500,000
2024-12-12 Physician
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 2 €20,000
2024-12-11 Granit Bostad Beritsholm AB
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 6Art. 13 €18,400
2024-12-10 GENERALI ESPAÑA, SOCIEDAD ANONIMA DE SEGUROS Y REASEGUROS
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 25Art. 32Art. 35 €4,000,000
2024-12-03 Private individual
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €300
2024-11-27 E.ON Energia spa
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €892,783
2024-11-27 Lyngby-Taarbæk Municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet)
2024-11-26 Netflix International B.V.
Insufficient fulfilment of information obligations
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 5Art. 12Art. 13Art. 15 €4,750,000
2024-11-26 Hospital
Insufficient fulfilment of data breach notification obligations
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 33Art. 34 €6,900
2024-11-22 CARTONAJES BAÑERES, S.A
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 15Art. 35 €220,000