Skip to content

Article 24 GDPR — enforcement

Cited in 131 decisions · €896.5M total fines · median €25,500 · top authority: 🇪🇺Italian Data Protection Authority (Garante) (52)

Date ↓ Company / party Authority Articles Fine
2024-10-21 Grue municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 24Art. 32 €20,800
2024-09-04 University of Agder
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 32Art. 24 €12,700
2024-07-17 Hera Comm S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 12Art. 15Art. 24 €5,000,000
2024-06-27 METRO SA
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 15Art. 17Art. 24Art. 32 €50,000
2024-06-20 Fastweb S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €1,000,000
2024-06-13 Healthcare facility
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 24Art. 25Art. 32Art. 34 €9,200
2024-06-06 Eni Plenitude S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 24Art. 25 €6,419,631
2024-04-29 Res-Gastro M. Gaweł Sp. k.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 24Art. 25Art. 32 €56,000
2024-04-11 Facile.Energy S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 24Art. 25 €100,000
2024-04-11 Olimpia S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 24Art. 25 €100,000
2024-03-05 EURO MINI STORAGE ROMANIA SRL
Insufficient technical and organisational measures to ensure information security
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 24Art. 32 €5,000
2024-01-16 Black Tiger Belgium
Insufficient fulfilment of information obligations
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 12Art. 14 €174,640
2023-12-06 City of Kópavogur
Non-compliance with general data processing principles
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 24Art. 28 €20,000
2023-12-06 City of Hafnarfjörður
Non-compliance with general data processing principles
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 24Art. 28 €18,600
2023-12-06 Garðabær municipality
Non-compliance with general data processing principles
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 24Art. 28 €16,600
2023-12-06 Reykjanesbær municipality
Non-compliance with general data processing principles
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 24Art. 28 €16,600
2023-12-06 City of Reykjavik
Non-compliance with general data processing principles
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 24Art. 28 €13,300
2023-11-30 Limit Call S.r.l.s.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €60,000
2023-11-27 Norwegian Labor and Welfare Administration
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 5Art. 24Art. 25Art. 32 €1,700,000
2023-10-12 Scionti Selezioni Superiori S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €70,000
2023-09-28 Axpo Italia Spa
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 24 €10,000,000
2023-09-01 TikTok Limited
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 12Art. 13Art. 24 €345,000,000
2023-07-18 Tiscali Italia SpA
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 12Art. 13Art. 24 €100,000
2023-07-18 Università Telematica E-Campus
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €75,000
2023-07-18 Compara Facile S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €40,000