Article 33 GDPR — enforcement
Cited in 118 decisions · €34.3M total fines · median €20,363 · top authority: 🇪🇺 Polish National Personal Data Protection Office (UODO) (25)
| Date | Company / party | Violation type | Authority | Articles | Fine |
|---|---|---|---|---|---|
| 2023-10-08 | Link4 Towarzystwo Ubezpieczeń S. A. | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33 | €24,000 |
| 2023-07-12 | Company | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €2,500 |
| 2023-06-08 | KG COM | Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5, Art. 6, Art. 9, Art. 12 | €150,000 |
| 2023-05-31 | Company | Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5, Art. 25, Art. 32, Art. 33 | €10,600 |
| 2023-03-23 | Bolzano municipality | Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5, Art. 25, Art. 32, Art. 33 | €30,000 |
| 2023-03-08 | Argon Medical Devices | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 33 | €220,000 |
| 2023-03-01 | Housing cooperative | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €11,100 |
| 2023-02-20 | Vodafone | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 15, Art. 33 | €40,000 |
| 2023-02-07 | Housing association | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5, Art. 28, Art. 33, Art. 34 | €321 |
| 2023-02-02 | Piraeus Bank | Non-compliance with general data processing principles | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5, Art. 33, Art. 34 | €30,000 |
| 2023-01-31 | Dent Estet Clinic SA | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 33 | €1,000 |
| 2023-01-01 | Magdeburg University Hospital | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Data Protection Authority of Sachsen-Anhalt | Art. 33 | €9,000 |
| 2022-12-08 | FREE SAS | Insufficient fulfilment of data subjects rights | 🇪🇺 French Data Protection Authority (CNIL) | Art. 12, Art. 15, Art. 17, Art. 32 | €300,000 |
| 2022-09-28 | BAYARD REVISTAS, S.A. | Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5, Art. 32, Art. 33 | €31,200 |
| 2022-07-13 | DKV Seguros y Reaseguros, S.A.E. | Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5, Art. 32, Art. 33 | €132,000 |
| 2022-07-06 | Głównego Geodetę Kraju | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €12,450 |
| 2022-07-06 | University Hospital of the Medical University of Warsaw | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €2,120 |
| 2022-06-22 | URQUÍA & BAS, CORREDURÍA DE SEGUROS S.L. | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 33 | €1,600 |
| 2022-06-06 | Esselmann Technika Pojazdowa Sp. z o.o. Sp. k. | Insufficient fulfilment of data breach notification obligations | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 33 | €3,500 |
| 2022-05-18 | Kredyt Inkaso Investments RO S.A | Insufficient legal basis for data processing | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5, Art. 6, Art. 9, Art. 33 | €5,000 |
| 2022-05-12 | Civilstyrelsen | Insufficient technical and organisational measures to ensure information security | 🇪🇺 Danish Data Protection Authority (Datatilsynet) | Art. 32, Art. 33 | €13,400 |
| 2022-04-05 | Bank of Ireland | Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Ireland | Art. 32, Art. 33, Art. 34 | €463,000 |
| 2022-04-04 | Piraeus Bank | Non-compliance with general data processing principles | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5, Art. 33, Art. 34 | €10,000 |
| 2022-01-17 | C-Planet (IT Solutions) Limited | Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commissioner of Malta | Art. 5, Art. 6, Art. 9, Art. 14 | €65,000 |
| 2022-01-01 | MALTA DPA: Non-compliance with general data processing principles | Non-compliance with general data processing principles | 🇪🇺 Data Protection Commissioner of Malta | Art. 5, Art. 6, Art. 9, Art. 32 | €65,000 |