Article 5 GDPR — enforcement

Cited in 1,715 decisions · €1.8B total fines · median €10,000 · top authority: 🇪🇺 Spanish Data Protection Authority (aepd) (541)

Date Company / party Authority Articles Fine
2025-08-04 Comune di Venezia
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5, Art. 6, Art. 25, Art. 32 €10,000
2025-08-04 Non-Public Health Care Institution
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5, Art. 25, Art. 32 €7,700
2025-08-04 Linea Stampalibera Società Cooperativa r.I.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5 €2,000
2025-07-29 Legal Entity
Insufficient legal basis for data processing
🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) Art. 5, Art. 6 €11,614
2025-07-23 Order of Nursing Professions of Viterbo
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5, Art. 32 €10,000
2025-07-23 SATI S.p.A.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5, Art. 9 €10,000
2025-07-21 McDonald’s Polska Sp. z o.o.
Non-compliance with general data processing principles
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5, Art. 25, Art. 28, Art. 38 €3,955,000
2025-07-21 24/7 Communication Sp. z o.o.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5, Art. 25, Art. 38 €43,000
2025-07-21 Hestia Publishers & Booksellers I. D. Kollaros & Co. S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5, Art. 25, Art. 32, Art. 33 €9,000
2025-07-17 ENDESA ENERGIA, S.A.U.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €200,000
2025-07-17 TRUEBA SPORT S.L.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5, Art. 13 €1,200
2025-07-16 SUNERIS, S.A.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €5,400
2025-07-11 VALORA PREVENCIÓN, S.L.U.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5, Art. 32 €32,000
2025-07-10 Poste Vita S.p.a.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5, Art. 33 €80,000