Article 34 GDPR — enforcement
Cited in 60 decisions · €83.1M total fines · median €26,350 · top authority: Polish National Personal Data Protection Office (UODO) (24)
| Date | Company / party | Violation type | Authority | Articles | Fine |
|---|---|---|---|---|---|
| 2023-12-19 | District Court Krakow | Insufficient fulfilment of data breach notification obligations | Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €2,300 |
| 2023-11-02 | INSTITUT MARQUÉS OBSTETRICIA I GINECOLOGIA, S.L.P. | Non-compliance with general data processing principles | Spanish Data Protection Authority (AEPD) | Art. 5, Art. 32, Art. 34 | €48,000 |
| 2023-10-25 | ENDESA ENERGÍA, S.A.U. | Non-compliance with general data processing principles | Spanish Data Protection Authority (AEPD) | Art. 5, Art. 32, Art. 33, Art. 34 | €6,100,000 |
| 2023-07-12 | Company | Insufficient fulfilment of data breach notification obligations | Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €2,500 |
| 2023-05-31 | Company | Insufficient technical and organisational measures to ensure information security | Polish National Personal Data Protection Office (UODO) | Art. 5, Art. 25, Art. 32, Art. 33 | €10,600 |
| 2023-03-01 | Housing cooperative | Insufficient fulfilment of data breach notification obligations | Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €11,100 |
| 2023-02-07 | Housing association | Insufficient fulfilment of data breach notification obligations | Polish National Personal Data Protection Office (UODO) | Art. 5, Art. 28, Art. 33, Art. 34 | €321 |
| 2023-02-02 | Piraeus Bank | Non-compliance with general data processing principles | Hellenic Data Protection Authority (HDPA) | Art. 5, Art. 33, Art. 34 | €30,000 |
| 2022-07-13 | Manx Care Ltd | Non-compliance with general data processing principles | Information Commissioner of Isle of Man | Art. 5, Art. 24, Art. 25, Art. 32 | €202,000 |
| 2022-07-06 | Głównego Geodetę Kraju | Insufficient fulfilment of data breach notification obligations | Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €12,450 |
| 2022-07-06 | University Hospital of the Medical University of Warsaw | Insufficient fulfilment of data breach notification obligations | Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €2,120 |
| 2022-04-05 | Bank of Ireland | Insufficient technical and organisational measures to ensure information security | Data Protection Authority of Ireland | Art. 32, Art. 33, Art. 34 | €463,000 |
| 2022-04-04 | Piraeus Bank | Non-compliance with general data processing principles | Hellenic Data Protection Authority (HDPA) | Art. 5, Art. 33, Art. 34 | €10,000 |
| 2022-01-19 | Santander Bank Polska S. A. | Insufficient fulfilment of data breach notification obligations | Polish National Personal Data Protection Office (UODO) | Art. 34 | €117,000 |
| 2022-01-17 | C-Planet (IT Solutions) Limited | Insufficient technical and organisational measures to ensure information security | Data Protection Commissioner of Malta | Art. 5, Art. 6, Art. 9, Art. 14 | €65,000 |
| 2022-01-01 | MALTA DPA: Non-compliance with general data processing principles | Non-compliance with general data processing principles | Data Protection Commissioner of Malta | Art. 5, Art. 6, Art. 9, Art. 32 | €65,000 |
| 2021-12-28 | SLIMPAY | Insufficient technical and organisational measures to ensure information security | French Data Protection Authority (CNIL) | Art. 28, Art. 32, Art. 34 | €180,000 |
| 2021-12-07 | Psykoterapiakeskus Vastaamo | Non-compliance with general data processing principles | Deputy Data Protection Ombudsman | Art. 5, Art. 33, Art. 34 | €608,000 |
| 2021-10-14 | Bank Millennium S.A | Insufficient fulfilment of data breach notification obligations | Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €78,000 |
| 2021-06-30 | Fundację Promocji Mediacji i Edukacji Prawnej Lex Nostra | Insufficient fulfilment of data breach notification obligations | Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €3,000 |
| 2021-06-21 | Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A. | Insufficient fulfilment of data breach notification obligations | Polish National Personal Data Protection Office (UODO) | Art. 33, Art. 34 | €35,300 |
| 2021-04-22 | Cyfrowy Polsat S.A. | Insufficient technical and organisational measures to ensure information security | Polish Data Protection Authority (UODO) | Art. 24, Art. 32, Art. 34 | €245,000 |
| 2021-03-25 | Fastweb S.p.A. | Non-compliance with general data processing principles | Italian Data Protection Authority (Garante) | Art. 5, Art. 6, Art. 7, Art. 12 | €4,500,000 |
| 2021-03-24 | Budapest Főváros Kormányhivatala XI. kerületi Hivatalát (11th District Public Health Department of the Government Office of the Capital City Budapest) | Insufficient technical and organisational measures to ensure information security | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 32, Art. 33, Art. 34 | €27,700 |
| 2021-01-22 | BELGIUM DPA: Insufficient technical and organisational measures to ensure information security | Insufficient technical and organisational measures to ensure information security | Belgian Data Protection Authority (APD) | Art. 5, Art. 24, Art. 32, Art. 33 | €25,000 |