Skip to content

GDPR enforcement in 2024

318 decisions · €148.0M total fines · ← 2023 · 2025 →

Date ↓ Company / party Authority Articles Fine
2024-05-08 DENTALCUADROS BCN S.L.P.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 32Art. 33 €12,000
2024-05-08 CENTRUL MEDICAL UNIREA SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 32 €5,000
2024-05-07 4FINANCE SPAIN FINANCIAL SERVICES, S.A.U.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €360,000
2024-05-07 ARRENDAMIENTOS DEUDORES, S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €1,200
2024-05-07 Homeowners' association
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €480
2024-05-02 A.S. Watson Health & Beauty Continental Europe B.V.
Insufficient legal basis for data processing
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 5 €50,000
2024-04-30 Central Young Men’s Christian Association
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32 €8,700
2024-04-30 DELPASO CAR HIRE, S.L.U.
Insufficient fulfilment of data subjects rights
🇪🇺 Spanish Data Protection Authority (aepd) Art. 15 €1,200
2024-04-30 Association
Insufficient fulfilment of data breach notification obligations
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 33 €210
2024-04-29 Res-Gastro M. Gaweł Sp. k.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 24Art. 25Art. 32 €56,000
2024-04-26 ASSOCIACIO OASIS CULTURAL
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 6 €10,000
2024-04-25 Association
Insufficient legal basis for data processing
🇪🇺 French Data Protection Authority (CNIL) Art. 6 €16,000
2024-04-24 Rossi Carta S.r.l.
Insufficient fulfilment of data subjects rights
🇪🇺 Italian Data Protection Authority (Garante) Art. 6Art. 7Art. 12Art. 15 €30,000
2024-04-24 Gestore Dei Servizi Energetici - Gse S.p.A.
Insufficient fulfilment of data subjects rights
🇪🇺 Italian Data Protection Authority (Garante) Art. 12Art. 15 €30,000
2024-04-24 C.I.E.L. S.p.A.
Insufficient fulfilment of data subjects rights
🇪🇺 Italian Data Protection Authority (Garante) Art. 12Art. 15 €10,000
2024-04-24 Dly S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 88Art. 114 €5,000
2024-04-24 I.N.P.A.S.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9Art. 2 €3,000
2024-04-24 Committee
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 32 €2,500
2024-04-23 ALPHA BANK ROMANIA SA.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 29Art. 32 €2,000
2024-04-22 Betting company
Insufficient legal basis for data processing
🇪🇺 Croatian Data Protection Authority (azop) Art. 6Art. 7Art. 13 €20,000
2024-04-22 Betting company
Insufficient legal basis for data processing
🇪🇺 Croatian Data Protection Authority (azop) Art. 6Art. 7Art. 13 €15,000
2024-04-22 S.C. Tensa Art Design S.A..
Insufficient legal basis for data processing
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 6 €2,000
2024-04-22 CROATIA DPA: Insufficient fulfilment of information obligations
Insufficient fulfilment of information obligations
🇪🇺 Croatian Data Protection Authority (azop) Art. 27Art. 13
2024-04-19 CONSULTORÍA PERITACIONES ALMERIENSES, S.L
Insufficient cooperation with supervisory authority
🇪🇺 Spanish Data Protection Authority (aepd) Art. 58 €1,000
2024-04-15 Avast Software s.r.o.
Unknown
🇪🇺 Czech Data Protection Auhtority (UOOU) €13,900,000