Article 13 GDPR — enforcement
Cited in 597 decisions · €837.4M total fines · median €4,000 · top authority: 🇪🇺Spanish Data Protection Authority (aepd) (223)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2025-03-24 | Hospital Non-compliance with general data processing principles | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 13Art. 14Art. 25Art. 28 | €4,000 |
| 2025-03-24 | Hospital Insufficient technical and organisational measures to ensure information security | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 13Art. 32Art. 33Art. 34 | €3,000 |
| 2025-03-21 | Bucharest Down Town Hotel SRL Insufficient fulfilment of data subjects rights | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 12Art. 13Art. 15 | €1,000 |
| 2025-03-13 | Azienda regionale per lo sviluppo e per i servizi in agricoltura (ARSAC) Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 13Art. 25 | €50,000 |
| 2025-03-13 | G@S Telecomunicazioni di Losito Lucia Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 13 | €15,000 |
| 2025-02-04 | Real estate company Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5Art. 6Art. 12Art. 13 | €40,000 |
| 2025-01-16 | Realmaps S.r.l. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €100,000 |
| 2025-01-16 | Macelleria La Costata s.r.I.s Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 13 | €1,500 |
| 2024-12-18 | ATRIUM LEX SFC Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13Art. 32 | €100,000 |
| 2024-12-11 | Granit Bostad Beritsholm AB Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 6Art. 13 | €18,400 |
| 2024-12-03 | Private individual Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13 | €300 |
| 2024-11-26 | Netflix International B.V. Insufficient fulfilment of information obligations | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 5Art. 12Art. 13Art. 15 | €4,750,000 |
| 2024-11-20 | Company Non-compliance with general data processing principles | 🇪🇺 National Commission for Data Protection (CNPD) | Art. 5Art. 6Art. 13Art. 25 | €2,300 |
| 2024-11-13 | Foodinho Srl Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 12 | €5,000,000 |
| 2024-11-13 | Sligo County Council Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Ireland | Art. 5Art. 13Art. 24Art. 25 | €29,500 |
| 2024-11-06 | MINAS DE VALDECASTILLO, S.A.. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €1,000 |
| 2024-11-02 | OpenAI OpCo LLC Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 13 | €15,000,000 |
| 2024-09-13 | Hospital Insufficient technical and organisational measures to ensure information security | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 5Art. 6Art. 12Art. 13 | €190,000 |
| 2024-08-06 | LOCAL VERTICALS, S.L. Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13 | €10,000 |
| 2024-07-17 | Selectra S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 88Art. 114 | €80,000 |
| 2024-07-17 | DIGIMAN ALICANTE S.L. Insufficient fulfilment of information obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 13 | €600 |
| 2024-07-11 | ASSOCIACIO CANNABICA DEL MARESME ACANNAM Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €600 |
| 2024-06-26 | Homeowners' association Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €600 |
| 2024-06-20 | Fastweb S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €1,000,000 |
| 2024-06-20 | Medical association Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 12Art. 13Art. 15 | €4,000 |