Skip to content

Article 35 GDPR — enforcement

Cited in 88 decisions · €509.0M total fines · median €55,000 · top authority: 🇪🇺Italian Data Protection Authority (Garante) (31)

Date ↓ Company / party Authority Articles Fine
2021-03-15 Ålesund Municipality
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 32Art. 24Art. 35 €4,900
2021-02-26 Nacionaliniam visuomenės sveikatos centrui (NVSC)
Non-compliance with general data processing principles
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 5Art. 13Art. 24Art. 32 €12,000
2021-02-26 IT sprendimai sėkmei
Non-compliance with general data processing principles
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 5Art. 13Art. 24Art. 32 €3,000
2021-02-25 Istituto Nazionale Previdenza Sociale (INPS)
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 25Art. 35 €300,000
2021-01-01 Electronics store
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Niedersachsen Art. 5Art. 17Art. 35 €16,000
2020-12-17 Azienda Unità Sanitaria Locale Toscana Sud Est
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 14Art. 28 €100,000
2020-11-25 Gnosjö Municipality
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 6Art. 13Art. 35 €19,500
2020-07-10 Municipality of Rælingen
Insufficient technical and organisational measures to ensure information security
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 32Art. 35 €46,660
2020-05-29 Taksi Helsinki
Non-compliance with general data processing principles
🇪🇺 Deputy Data Protection Ombudsman Art. 5Art. 6Art. 35 €72,000
2020-05-22 Kymen Vesi Oy
Non-compliance with general data processing principles
🇪🇺 Deputy Data Protection Ombudsman Art. 35 €16,000
2020-01-01 LITHUANIA DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 5Art. 13Art. 24Art. 35 €8,000
2019-08-20 School in Skellefteå
Insufficient legal basis for data processing
🇪🇺 Data Protection Authority of Sweden Art. 5Art. 9Art. 35Art. 36 €18,630
2019-08-01 Company in the medical sector
Insufficient fulfilment of information obligations
🇪🇺 Austrian Data Protection Authority (dsb) Art. 13Art. 35Art. 37 €25,000