Article 37 GDPR — enforcement
Cited in 60 decisions · €6.6M total fines · median €6,000 · top authority: 🇪🇺Italian Data Protection Authority (Garante) (37)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2021-06-10 | Foodinho s.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13Art. 22Art. 25 | €2,600,000 |
| 2021-02-11 | Ministero dello Sviluppo Economico Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 37 | €75,000 |
| 2020-12-17 | Comune di Luino Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 37 | €10,000 |
| 2020-11-13 | BELGIUM DPA: Non-compliance with general data processing principles Non-compliance with general data processing principles | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 12Art. 13 | €1,500 |
| 2020-10-26 | Conseguridad SL Insufficient involvement of data protection officer | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 37 | €50,000 |
| 2020-06-09 | Glovoapp23 Insufficient involvement of data protection officer | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 37 | €25,000 |
| 2020-04-28 | Proximus SA Insufficient involvement of data protection officer | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 31Art. 58Art. 37 | €50,000 |
| 2019-12-09 | Rapidata GmbH Insufficient involvement of data protection officer | 🇪🇺 The Federal Commissioner for Data Protection and Freedom of Information (BfDI) | Art. 37 | €10,000 |
| 2019-08-01 | Company in the medical sector Insufficient fulfilment of information obligations | 🇪🇺 Austrian Data Protection Authority (dsb) | Art. 13Art. 35Art. 37 | €25,000 |
| 2019-01-01 | Facebook Germany GmbH Insufficient involvement of data protection officer | 🇪🇺 Data Protection Authority of Hamburg | Art. 37 | €51,000 |
← previous 51–60 of 60