Skip to content

GDPR enforcement in 2024

318 decisions · €148.0M total fines · ← 2023 · 2025 →

Date ↓ Company / party Authority Articles Fine
2024-11-22 CARTONAJES BAÑERES, S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 15Art. 35 €220,000
2024-11-22 Maynooth University
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 32Art. 33 €40,000
2024-11-20 POLAND DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 28Art. 32 €358,000
2024-11-20 POLAND DPA: Insufficient technical and organisational measures to ensure information security
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 28Art. 32 €4,700
2024-11-20 Company
Non-compliance with general data processing principles
🇪🇺 National Commission for Data Protection (CNPD) Art. 5Art. 6Art. 13Art. 25 €2,300
2024-11-19 VODAFONE ESPAÑA, S.A.U.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €200,000
2024-11-13 Foodinho Srl
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9Art. 12 €5,000,000
2024-11-13 Posti Jakelu Oy
Insufficient legal basis for data processing
🇪🇺 Deputy Data Protection Ombudsman Art. 6 €2,400,000
2024-11-13 Illumia Spa
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 24 €678,897
2024-11-13 Sligo County Council
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 13Art. 24Art. 25 €29,500
2024-11-13 COYARE SLU
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €2,500
2024-11-13 4T OCIO Y CAFÉ 2009
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €500
2024-11-12 Debt collection service provider
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Hamburg Art. 5Art. 6 €900,000
2024-11-12 Uptime-IT ApS
Insufficient technical and organisational measures to ensure information security
🇪🇺 Danish Data Protection Authority (Datatilsynet) €6,700
2024-11-11 Correo Inteligente Postal, S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €200,000
2024-11-07 KAFFA KOFFEE ORGANISATION, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €2,000
2024-11-06 MINAS DE VALDECASTILLO, S.A..
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €1,000
2024-11-04 Blackcab Systems SRL
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 15 €1,000
2024-11-02 OpenAI OpCo LLC
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 13 €15,000,000
2024-10-31 NEGOCIOS R&R 2020 S.L.
Insufficient cooperation with supervisory authority
🇪🇺 Spanish Data Protection Authority (aepd) Art. 58 €12,000
2024-10-31 GESTIÓN DE VENTAS IBERIA S.L.
Insufficient cooperation with supervisory authority
🇪🇺 Spanish Data Protection Authority (aepd) Art. 58 €4,000
2024-10-31 RIVENDELL TECHNOLOGY, S.L.
Insufficient cooperation with supervisory authority
🇪🇺 Spanish Data Protection Authority (aepd) Art. 58 €900
2024-10-30 Untold SRL
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 15Art. 17 €15,000
2024-10-28 Vodafone Romania S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2024-10-23 Profi Rom Food SRL
Insufficient legal basis for data processing
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6 €10,000