Article 12 GDPR — enforcement
Cited in 425 decisions · €1.2B total fines · median €10,000 · top authority: 🇪🇺Italian Data Protection Authority (Garante) (155)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2026-02-03 | Alliance for the Union of Romanians (AUR) Party Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 15Art. 17Art. 21 | €1,000 |
| 2026-01-30 | Natural Person Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 9Art. 10 | €10,000 |
| 2026-01-29 | Ministero della Cultura Non-compliance with general data processing principles | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 13 | €12,000 |
| 2026-01-29 | Istituto San Giuseppe La Salle di Milano Non-compliance with general data processing principles | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 13 | €12,000 |
| 2026-01-08 | Money Seeds S.R.L. Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 13Art. 14 | €2,000 |
| 2026-01-08 | Money Seeds S.R.L. Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 13Art. 14 | €2,000 |
| 2025-12-31 | I Mathisi Insufficient fulfilment of data subjects rights | 🇬🇷 Hellenic Data Protection Authority (HDPA) | Art. 12Art. 15Art. 31 | €6,000 |
| 2025-12-29 | Order of General Nurses, Midwives and Medical Assistants of Romania – Neamt Branch Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 12Art. 13 | €2,000 |
| 2025-12-29 | Order of General Nurses, Midwives and Medical Assistants of Romania – Neamt Branch Non-compliance with general data processing principles | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 12Art. 13 | €2,000 |
| 2025-12-18 | Anticimex s.r.l. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 12Art. 13Art. 15 | €40,000 |
| 2025-12-18 | LTL S.p.A. Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 12Art. 15 | €40,000 |
| 2025-12-18 | Comune di Nave Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 13 | €6,000 |
| 2025-12-10 | Crowd Entertainment Limited Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 15 | €15,000 |
| 2025-12-10 | Crowd Entertainment Limited Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 15 | €15,000 |
| 2025-12-08 | Legal Entity Insufficient fulfilment of data subjects rights | 🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) | Art. 12Art. 13 | €5,100 |
| 2025-12-04 | Comune di Tuscania Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 13 | €12,000 |
| 2025-11-27 | Verisure Italy s.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 7Art. 12Art. 13 | €400,000 |
| 2025-11-27 | Verisure Italy s.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 7Art. 12Art. 13 | €400,000 |
| 2025-11-24 | Telecommunications operator (operator of electronic communications networks and services) Non-compliance with general data processing principles | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 5Art. 6Art. 12Art. 13 | €4,500,000 |
| 2025-11-24 | Telecommunications operator (operator of electronic communications networks and services) Non-compliance with general data processing principles | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 5Art. 6Art. 12Art. 13 | €4,500,000 |
| 2025-11-13 | Comune di Orte Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 13 | €6,000 |
| 2025-11-13 | Comune di Orte Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 13 | €6,000 |
| 2025-11-12 | Fan Courier Express S.R.L. Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 12Art. 15 | €4,000 |
| 2025-11-12 | Fan Courier Express S.R.L. Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 12Art. 15 | €4,000 |
| 2025-11-10 | Whitedecor SRL Insufficient legal basis for data processing | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 6Art. 7Art. 12Art. 15 | €2,000 |