Article 24 GDPR — enforcement
Cited in 131 decisions · €896.5M total fines · median €25,500 · top authority: 🇪🇺Italian Data Protection Authority (Garante) (52)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2023-07-18 | Company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 25Art. 32 | €3,400 |
| 2023-05-17 | Website operator Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 13 | €60,000 |
| 2023-05-16 | Municipality Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 25Art. 32 | €6,700 |
| 2023-02-08 | Company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 25Art. 32 | €7,200 |
| 2023-02-06 | I&S Limited Kft Non-compliance with general data processing principles | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 5Art. 6Art. 9Art. 13 | €80,500 |
| 2023-02-03 | Epic Ltd. Insufficient legal basis for data processing | 🇪🇺 Cypriot Data Protection Commissioner | Art. 6Art. 24Art. 32 | €3,250 |
| 2023-01-19 | Szczecin-Centrum District Court Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 25Art. 32 | €6,400 |
| 2023-01-01 | MALTA DPA: Insufficient fulfilment of data subjects rights Insufficient fulfilment of data subjects rights | 🇪🇺 Data Protection Commissioner of Malta | Art. 5Art. 12Art. 13Art. 14 | €2,500 |
| 2022-12-15 | Edison Energia S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €4,900,000 |
| 2022-11-24 | Areti spa Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 12Art. 15Art. 24 | €1,000,000 |
| 2022-10-20 | Douglas Italia S.p.a. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €1,400,000 |
| 2022-09-15 | Lazio Region Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 12 | €100,000 |
| 2022-09-05 | Meta Platforms, Inc. Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Ireland | Art. 5Art. 6Art. 12Art. 24 | €405,000,000 |
| 2022-08-23 | Company Insufficient technical and organisational measures to ensure information security | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 24Art. 32 | €2,500 |
| 2022-08-05 | Colosseo S.r.l. Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 15 | €1,000 |
| 2022-08-05 | Mister Brick S.a.s. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 12Art. 15 | €1,000 |
| 2022-08-01 | Policoro municipality Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 12Art. 13Art. 24 | €26,000 |
| 2022-07-13 | Manx Care Ltd Non-compliance with general data processing principles | 🇪🇺 Information Commissioner of Isle of Man | Art. 5Art. 24Art. 25Art. 32 | €202,000 |
| 2022-06-30 | Continental Automotive Romania SRL Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 24Art. 32 | €2,000 |
| 2022-05-25 | Roularta Media Group Insufficient legal basis for data processing | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 7Art. 12 | €50,000 |
| 2022-02-08 | Budapest Bank Zrt. Insufficient legal basis for data processing | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 5Art. 6Art. 12Art. 13 | €634,000 |
| 2022-02-02 | IAB Europe Insufficient legal basis for data processing | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 9Art. 12 | €0 |
| 2022-01-26 | Slane Credit Union Ltd. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Ireland | Art. 5Art. 24Art. 28Art. 30 | €5,000 |
| 2022-01-19 | Fortum Marketing and Sales Polska S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 25Art. 28 | €1,000,000 |
| 2022-01-01 | Bank of Cyprus Public Company Ltd. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 5Art. 24Art. 32 | €17,000 |