Skip to content

Article 13 GDPR — enforcement

Cited in 597 decisions · €837.4M total fines · median €4,000 · top authority: 🇪🇺Spanish Data Protection Authority (aepd) (223)

Date ↓ Company / party Authority Articles Fine
2025-03-24 Hospital
Non-compliance with general data processing principles
🇪🇺 Croatian Data Protection Authority (azop) Art. 13Art. 14Art. 25Art. 28 €4,000
2025-03-24 Hospital
Insufficient technical and organisational measures to ensure information security
🇪🇺 Croatian Data Protection Authority (azop) Art. 13Art. 32Art. 33Art. 34 €3,000
2025-03-21 Bucharest Down Town Hotel SRL
Insufficient fulfilment of data subjects rights
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 12Art. 13Art. 15 €1,000
2025-03-13 Azienda regionale per lo sviluppo e per i servizi in agricoltura (ARSAC)
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 13Art. 25 €50,000
2025-03-13 G@S Telecomunicazioni di Losito Lucia
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 13 €15,000
2025-02-04 Real estate company
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) Art. 5Art. 6Art. 12Art. 13 €40,000
2025-01-16 Realmaps S.r.l.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €100,000
2025-01-16 Macelleria La Costata s.r.I.s
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 13 €1,500
2024-12-18 ATRIUM LEX SFC
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13Art. 32 €100,000
2024-12-11 Granit Bostad Beritsholm AB
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 6Art. 13 €18,400
2024-12-03 Private individual
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €300
2024-11-26 Netflix International B.V.
Insufficient fulfilment of information obligations
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 5Art. 12Art. 13Art. 15 €4,750,000
2024-11-20 Company
Non-compliance with general data processing principles
🇪🇺 National Commission for Data Protection (CNPD) Art. 5Art. 6Art. 13Art. 25 €2,300
2024-11-13 Foodinho Srl
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9Art. 12 €5,000,000
2024-11-13 Sligo County Council
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 13Art. 24Art. 25 €29,500
2024-11-06 MINAS DE VALDECASTILLO, S.A..
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €1,000
2024-11-02 OpenAI OpCo LLC
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 13 €15,000,000
2024-09-13 Hospital
Insufficient technical and organisational measures to ensure information security
🇪🇺 Croatian Data Protection Authority (azop) Art. 5Art. 6Art. 12Art. 13 €190,000
2024-08-06 LOCAL VERTICALS, S.L.
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €10,000
2024-07-17 Selectra S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 88Art. 114 €80,000
2024-07-17 DIGIMAN ALICANTE S.L.
Insufficient fulfilment of information obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 13 €600
2024-07-11 ASSOCIACIO CANNABICA DEL MARESME ACANNAM
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €600
2024-06-26 Homeowners' association
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €600
2024-06-20 Fastweb S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €1,000,000
2024-06-20 Medical association
Insufficient fulfilment of data subjects rights
🇪🇺 Italian Data Protection Authority (Garante) Art. 12Art. 13Art. 15 €4,000