Article 24 GDPR — enforcement
Cited in 131 decisions · €896.5M total fines · median €25,500 · top authority: 🇪🇺Italian Data Protection Authority (Garante) (52)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2024-10-21 | Grue municipality Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 24Art. 32 | €20,800 |
| 2024-09-04 | University of Agder Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 32Art. 24 | €12,700 |
| 2024-07-17 | Hera Comm S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 12Art. 15Art. 24 | €5,000,000 |
| 2024-06-27 | METRO SA Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 15Art. 17Art. 24Art. 32 | €50,000 |
| 2024-06-20 | Fastweb S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €1,000,000 |
| 2024-06-13 | Healthcare facility Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 24Art. 25Art. 32Art. 34 | €9,200 |
| 2024-06-06 | Eni Plenitude S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 24Art. 25 | €6,419,631 |
| 2024-04-29 | Res-Gastro M. Gaweł Sp. k. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 24Art. 25Art. 32 | €56,000 |
| 2024-04-11 | Facile.Energy S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 24Art. 25 | €100,000 |
| 2024-04-11 | Olimpia S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 24Art. 25 | €100,000 |
| 2024-03-05 | EURO MINI STORAGE ROMANIA SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 24Art. 32 | €5,000 |
| 2024-01-16 | Black Tiger Belgium Insufficient fulfilment of information obligations | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 12Art. 14 | €174,640 |
| 2023-12-06 | City of Kópavogur Non-compliance with general data processing principles | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 24Art. 28 | €20,000 |
| 2023-12-06 | City of Hafnarfjörður Non-compliance with general data processing principles | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 24Art. 28 | €18,600 |
| 2023-12-06 | Garðabær municipality Non-compliance with general data processing principles | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 24Art. 28 | €16,600 |
| 2023-12-06 | Reykjanesbær municipality Non-compliance with general data processing principles | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 24Art. 28 | €16,600 |
| 2023-12-06 | City of Reykjavik Non-compliance with general data processing principles | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 24Art. 28 | €13,300 |
| 2023-11-30 | Limit Call S.r.l.s. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €60,000 |
| 2023-11-27 | Norwegian Labor and Welfare Administration Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 5Art. 24Art. 25Art. 32 | €1,700,000 |
| 2023-10-12 | Scionti Selezioni Superiori S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €70,000 |
| 2023-09-28 | Axpo Italia Spa Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 24 | €10,000,000 |
| 2023-09-01 | TikTok Limited Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Ireland | Art. 5Art. 12Art. 13Art. 24 | €345,000,000 |
| 2023-07-18 | Tiscali Italia SpA Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 12Art. 13Art. 24 | €100,000 |
| 2023-07-18 | Università Telematica E-Campus Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €75,000 |
| 2023-07-18 | Compara Facile S.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €40,000 |