Skip to content

Article 37 GDPR — enforcement

Cited in 60 decisions · €6.6M total fines · median €6,000 · top authority: 🇪🇺Italian Data Protection Authority (Garante) (37)

Date ↓ Company / party Authority Articles Fine
2021-06-10 Foodinho s.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13Art. 22Art. 25 €2,600,000
2021-02-11 Ministero dello Sviluppo Economico
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 37 €75,000
2020-12-17 Comune di Luino
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 37 €10,000
2020-11-13 BELGIUM DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 12Art. 13 €1,500
2020-10-26 Conseguridad SL
Insufficient involvement of data protection officer
🇪🇺 Spanish Data Protection Authority (aepd) Art. 37 €50,000
2020-06-09 Glovoapp23
Insufficient involvement of data protection officer
🇪🇺 Spanish Data Protection Authority (aepd) Art. 37 €25,000
2020-04-28 Proximus SA
Insufficient involvement of data protection officer
🇪🇺 Belgian Data Protection Authority (APD) Art. 31Art. 58Art. 37 €50,000
2019-12-09 Rapidata GmbH
Insufficient involvement of data protection officer
🇪🇺 The Federal Commissioner for Data Protection and Freedom of Information (BfDI) Art. 37 €10,000
2019-08-01 Company in the medical sector
Insufficient fulfilment of information obligations
🇪🇺 Austrian Data Protection Authority (dsb) Art. 13Art. 35Art. 37 €25,000
2019-01-01 Facebook Germany GmbH
Insufficient involvement of data protection officer
🇪🇺 Data Protection Authority of Hamburg Art. 37 €51,000