Article 33 GDPR — enforcement

Cited in 118 decisions · €34.3M total fines · median €20,363 · top authority: 🇪🇺Polish National Personal Data Protection Office (UODO) (25)

| Date | Company / party | Violation type | Authority | Articles | Fine |
|---|---|---|---|---|---|
| 2023-10-08 | Link4 Towarzystwo Ubezpieczeń S. A. | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33 | €24,000 |
| 2023-07-12 | Company | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €2,500 |
| 2023-06-08 | KG COM | Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5, Art. 6, Art. 9, Art. 12 | €150,000 |
| 2023-05-31 | Company | Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5, Art. 25, Art. 32, Art. 33 | €10,600 |
| 2023-03-23 | Bolzano municipality | Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5, Art. 25, Art. 32, Art. 33 | €30,000 |
| 2023-03-08 | Argon Medical Devices | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 33 | €220,000 |
| 2023-03-01 | Housing cooperative | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €11,100 |
| 2023-02-20 | Vodafone | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 15, Art. 33 | €40,000 |
| 2023-02-07 | Housing association | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5, Art. 28, Art. 33, Art. 34 | €321 |
| 2023-02-02 | Piraeus Bank | Non-compliance with general data processing principles | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5, Art. 33, Art. 34 | €30,000 |
| 2023-01-31 | Dent Estet Clinic SA | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 33 | €1,000 |
| 2023-01-01 | Magdeburg University Hospital | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Data Protection Authority of Sachsen-Anhalt | Art. 33 | €9,000 |
| 2022-12-08 | FREE SAS | Insufficient fulfilment of data subjects' rights | 🇪🇺 French Data Protection Authority (CNIL) | Art. 12, Art. 15, Art. 17, Art. 32 | €300,000 |
| 2022-09-28 | BAYARD REVISTAS, S.A. | Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (AEPD) | Art. 5, Art. 32, Art. 33 | €31,200 |
| 2022-07-13 | DKV Seguros y Reaseguros, S.A.E. | Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (AEPD) | Art. 5, Art. 32, Art. 33 | €132,000 |
| 2022-07-06 | Głównego Geodetę Kraju | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €12,450 |
| 2022-07-06 | University Hospital of the Medical University of Warsaw | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €2,120 |
| 2022-06-22 | URQUÍA & BAS, CORREDURÍA DE SEGUROS S.L. | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Spanish Data Protection Authority (AEPD) | Art. 33 | €1,600 |
| 2022-06-06 | Esselmann Technika Pojazdowa Sp. z o.o. Sp. k. | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33 | €3,500 |
| 2022-05-18 | Kredyt Inkaso Investments RO S.A | Insufficient legal basis for data processing | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5, Art. 6, Art. 9, Art. 33 | €5,000 |
| 2022-05-12 | Civilstyrelsen | Insufficient technical and organisational measures to ensure information security | 🇪🇺 Danish Data Protection Authority (Datatilsynet) | Art. 32, Art. 33 | €13,400 |
| 2022-04-05 | Bank of Ireland | Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Ireland | Art. 32, Art. 33, Art. 34 | €463,000 |
| 2022-04-04 | Piraeus Bank | Non-compliance with general data processing principles | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5, Art. 33, Art. 34 | €10,000 |
| 2022-01-17 | C-Planet (IT Solutions) Limited | Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commissioner of Malta | Art. 5, Art. 6, Art. 9, Art. 14 | €65,000 |
| 2022-01-01 | MALTA DPA: Non-compliance with general data processing principles | Non-compliance with general data processing principles | 🇪🇺 Data Protection Commissioner of Malta | Art. 5, Art. 6, Art. 9, Art. 32 | €65,000 |