Article 46 GDPR — enforcement
Cited in 5 decisions · €113.5M total fines · median €4,500,000 · top authority: 🇪🇺Croatian Data Protection Authority (azop) (2)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2026-04-01 | Ridetech International B.V. Insufficient legal basis for data processing | 🇪🇺 Dutch Supervisory Authority for Data Protection (AP) | Art. 5Art. 44Art. 46 | €100,000,000 |
| 2025-11-24 | Telecommunications operator (operator of electronic communications networks and services) Non-compliance with general data processing principles | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 5Art. 6Art. 12Art. 13 | €4,500,000 |
| 2025-11-24 | Telecommunications operator (operator of electronic communications networks and services) Non-compliance with general data processing principles | 🇪🇺 Croatian Data Protection Authority (azop) | Art. 5Art. 6Art. 12Art. 13 | €4,500,000 |
| 2022-11-02 | Portuguese National Statistical Institute Non-compliance with general data processing principles | 🇪🇺 Portuguese Data Protection Authority (CNPD) | Art. 5Art. 9Art. 12Art. 13 | €4,300,000 |
| 2021-09-16 | Bocconi University Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 13 | €200,000 |