GDPR enforcement in 2024
318 decisions · €148.0M total fines · ← 2023 · 2025 →
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2024-05-08 | DENTALCUADROS BCN S.L.P. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 32Art. 33 | €12,000 |
| 2024-05-08 | CENTRUL MEDICAL UNIREA SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 32 | €5,000 |
| 2024-05-07 | 4FINANCE SPAIN
FINANCIAL SERVICES, S.A.U. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €360,000 |
| 2024-05-07 | ARRENDAMIENTOS DEUDORES, S.L. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €1,200 |
| 2024-05-07 | Homeowners' association Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €480 |
| 2024-05-02 | A.S. Watson Health & Beauty Continental Europe B.V. Insufficient legal basis for data processing | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 5 | €50,000 |
| 2024-04-30 | Central Young Men’s Christian Association Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32 | €8,700 |
| 2024-04-30 | DELPASO CAR
HIRE, S.L.U. Insufficient fulfilment of data subjects rights | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 15 | €1,200 |
| 2024-04-30 | Association Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33 | €210 |
| 2024-04-29 | Res-Gastro M. Gaweł Sp. k. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 24Art. 25Art. 32 | €56,000 |
| 2024-04-26 | ASSOCIACIO OASIS CULTURAL Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6 | €10,000 |
| 2024-04-25 | Association Insufficient legal basis for data processing | 🇪🇺 French Data Protection Authority (CNIL) | Art. 6 | €16,000 |
| 2024-04-24 | Rossi Carta S.r.l. Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 6Art. 7Art. 12Art. 15 | €30,000 |
| 2024-04-24 | Gestore Dei Servizi Energetici - Gse S.p.A. Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 12Art. 15 | €30,000 |
| 2024-04-24 | C.I.E.L. S.p.A. Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 12Art. 15 | €10,000 |
| 2024-04-24 | Dly S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 88Art. 114 | €5,000 |
| 2024-04-24 | I.N.P.A.S. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 2 | €3,000 |
| 2024-04-24 | Committee Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 32 | €2,500 |
| 2024-04-23 | ALPHA BANK ROMANIA SA. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 29Art. 32 | €2,000 |
| 2024-04-22 | Betting company Insufficient legal basis for data processing | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 6Art. 7Art. 13 | €20,000 |
| 2024-04-22 | Betting company Insufficient legal basis for data processing | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 6Art. 7Art. 13 | €15,000 |
| 2024-04-22 | S.C. Tensa Art Design S.A.. Insufficient legal basis for data processing | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 6 | €2,000 |
| 2024-04-22 | CROATIA DPA: Insufficient fulfilment of information obligations Insufficient fulfilment of information obligations | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 27Art. 13 | — |
| 2024-04-19 | CONSULTORÍA PERITACIONES ALMERIENSES, S.L Insufficient cooperation with supervisory authority | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 58 | €1,000 |
| 2024-04-15 | Avast Software s.r.o. Unknown | 🇪🇺 Czech Data Protection Auhtority (UOOU) | €13,900,000 |