Article 35 GDPR — enforcement
Cited in 88 decisions · €509.0M total fines · median €55,000 · top authority: 🇪🇺Italian Data Protection Authority (Garante) (31)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2021-03-15 | Ålesund Municipality Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 32Art. 24Art. 35 | €4,900 |
| 2021-02-26 | Nacionaliniam visuomenės sveikatos centrui (NVSC) Non-compliance with general data processing principles | 🇪🇺 Lithuanian Data Protection Authority (VDAI) | Art. 5Art. 13Art. 24Art. 32 | €12,000 |
| 2021-02-26 | IT sprendimai sėkmei Non-compliance with general data processing principles | 🇪🇺 Lithuanian Data Protection Authority (VDAI) | Art. 5Art. 13Art. 24Art. 32 | €3,000 |
| 2021-02-25 | Istituto Nazionale Previdenza Sociale (INPS) Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 25Art. 35 | €300,000 |
| 2021-01-01 | Electronics store Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Niedersachsen | Art. 5Art. 17Art. 35 | €16,000 |
| 2020-12-17 | Azienda Unità Sanitaria Locale Toscana Sud Est Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 14Art. 28 | €100,000 |
| 2020-11-25 | Gnosjö Municipality Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 6Art. 13Art. 35 | €19,500 |
| 2020-07-10 | Municipality of Rælingen Insufficient technical and organisational measures to ensure information security | 🇪🇺 Norwegian Supervisory Authority (Datatilsynet) | Art. 32Art. 35 | €46,660 |
| 2020-05-29 | Taksi Helsinki Non-compliance with general data processing principles | 🇪🇺 Deputy Data Protection Ombudsman | Art. 5Art. 6Art. 35 | €72,000 |
| 2020-05-22 | Kymen Vesi Oy Non-compliance with general data processing principles | 🇪🇺 Deputy Data Protection Ombudsman | Art. 35 | €16,000 |
| 2020-01-01 | LITHUANIA DPA: Non-compliance with general data processing principles Non-compliance with general data processing principles | 🇪🇺 Lithuanian Data Protection Authority (VDAI) | Art. 5Art. 13Art. 24Art. 35 | €8,000 |
| 2019-08-20 | School in Skellefteå Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Sweden | Art. 5Art. 9Art. 35Art. 36 | €18,630 |
| 2019-08-01 | Company in the medical sector Insufficient fulfilment of information obligations | 🇪🇺 Austrian Data Protection Authority (dsb) | Art. 13Art. 35Art. 37 | €25,000 |
← previous 76–88 of 88