Skip to content

Article 28 GDPR — enforcement

Cited in 145 decisions · €100.1M total fines · median €50,500 · top authority: 🇪🇺Italian Data Protection Authority (Garante) (50)

Date ↓ Company / party Authority Articles Fine
2025-07-25 Legal Entity
Insufficient data processing agreement
🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) Art. 28 €5,810
2025-07-21 McDonald’s Polska Sp. z o.o.
Non-compliance with general data processing principles
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 28Art. 38 €3,955,000
2025-07-21 McDonald’s Polska Sp. z o.o.
Non-compliance with general data processing principles
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 25Art. 28Art. 38 €3,955,000
2025-07-18 ADMINISTRACIONES BENIPON, S.L.
Insufficient fulfilment of data breach notification obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 28Art. 33 €1,100
2025-07-18 ADMINISTRACIONES BENIPON, S.L.
Insufficient fulfilment of data breach notification obligations
🇪🇺 Spanish Data Protection Authority (aepd) Art. 28Art. 33 €1,100
2025-06-25 Vodafone – PANAFON A.E.E.T.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 28 €550,000
2025-06-25 Vodafone – PANAFON A.E.E.T.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 28 €550,000
2025-06-16 ALBOR ENERGÍA S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 28 €12,000
2025-06-16 ALBOR ENERGÍA S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 28 €12,000
2025-06-04 Noi Compriamo Auto.it S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 24 €45,000
2025-06-04 Noi Compriamo Auto.it S.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 24 €45,000
2025-04-29 Energia Verde S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €100,000
2025-04-29 Energia Verde S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 12 €100,000
2025-04-29 Regione Lombardia
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 25Art. 28 €50,000
2025-04-29 Regione Lombardia
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 25Art. 28 €50,000
2025-04-29 Cooperativa Sociale Quadrifoglio
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 28Art. 32 €20,000
2025-04-29 Cooperativa Sociale Quadrifoglio
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 28Art. 32 €20,000
2025-04-14 LÃSER METALPRINT 3D, S.L.
Insufficient data processing agreement
🇪🇺 Spanish Data Protection Authority (aepd) Art. 28 €6,000
2025-04-14 LÃSER METALPRINT 3D, S.L.
Insufficient data processing agreement
🇪🇺 Spanish Data Protection Authority (aepd) Art. 28 €6,000
2025-04-10 Acea Energia S.p.A.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 13 €3,000,000
2025-04-10 Acea Energia S.p.A.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 13 €3,000,000
2025-04-10 Network of Agencies and Companies
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 13 €850,000
2025-04-10 Network of Agencies and Companies
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 7Art. 13 €850,000
2025-03-28 SCHOOL FITNESS HOLIDAY & FRANCHISING, S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 7Art. 28 €21,600
2025-03-28 SCHOOL FITNESS HOLIDAY & FRANCHISING, S.L.
Insufficient legal basis for data processing
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 7Art. 28 €21,600