Article 24 GDPR — enforcement
Cited in 131 decisions · €896.5M total fines · median €25,500 · top authority: 🇪🇺Italian Data Protection Authority (Garante) (52)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2026-03-26 | Intesa Sanpaolo S.p.A. Insufficient technical and organisational measures to ensure information security | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 24Art. 32Art. 34 | €31,800,000 |
| 2026-03-12 | Enel Energia S.p.A. Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 24 | €563,052 |
| 2026-02-26 | S.M. Trattamento Acqua di XX Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 4Art. 5Art. 6Art. 7 | €30,000 |
| 2026-02-12 | Depurazione Acqua S.r.l. Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 4Art. 5Art. 6Art. 7 | €15,000 |
| 2026-02-12 | Unleadmited S.r.l. Insufficient legal basis for data processing | 🇮🇹 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 24 | €5,000 |
| 2026-02-05 | DPD Polska sp. z o.o. Insufficient data processing agreement | 🇵🇱 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 29Art. 32 | €2,682,000 |
| 2025-12-23 | Geturhotels Srl Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 17Art. 24 | €6,000 |
| 2025-12-23 | Geturhotels Srl Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 17Art. 24 | €6,000 |
| 2025-11-27 | Aimag S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 13 | €300,000 |
| 2025-11-27 | Aimag S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 13 | €300,000 |
| 2025-11-27 | Infobel Insufficient legal basis for data processing | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 24 | €40,000 |
| 2025-11-27 | Infobel Insufficient legal basis for data processing | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 24 | €40,000 |
| 2025-11-15 | Powiatowego Inspektora Sanitarnego w Policach Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 25Art. 32 | €4,750 |
| 2025-11-15 | Powiatowego Inspektora Sanitarnego w Policach Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 25Art. 32 | €4,750 |
| 2025-10-09 | FT Solutions S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €5,000 |
| 2025-10-09 | FT Solutions S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €5,000 |
| 2025-09-25 | E-Power S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €35,000 |
| 2025-09-25 | E-Power S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €35,000 |
| 2025-08-05 | Bank of Cyprus Public Company Limited Insufficient technical and organisational measures to ensure information security | 🇨🇾 Cypriot Data Protection Commissioner | Art. 5Art. 24Art. 32 | €25,000 |
| 2025-06-24 | Shield of David - K.I.D.A.F. Non-compliance with general data processing principles | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 12Art. 13Art. 15 | €10,000 |
| 2025-06-24 | Shield of David - K.I.D.A.F. Non-compliance with general data processing principles | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 12Art. 13Art. 15 | €10,000 |
| 2025-06-04 | Noi Compriamo Auto.it S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 24 | €45,000 |
| 2025-06-04 | Noi Compriamo Auto.it S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 24 | €45,000 |
| 2025-04-29 | Energia Verde S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €100,000 |
| 2025-04-29 | Energia Verde S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €100,000 |
1–25 of 131 next →