Article 5 GDPR — enforcement
Cited in 1,715 decisions · €1.8B total fines · median €10,000 · top authority: 🇪🇺Spanish Data Protection Authority (aepd) (541)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2025-08-04 | Comune di Venezia Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 25Art. 32 | €10,000 |
| 2025-08-04 | Non-Public Health Care Institution Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 32 | €7,700 |
| 2025-08-04 | Non-Public Health Care Institution Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 32 | €7,700 |
| 2025-08-04 | Linea Stampalibera Società Cooperativa r.I. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5 | €2,000 |
| 2025-08-04 | Linea Stampalibera Società Cooperativa r.I. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5 | €2,000 |
| 2025-07-29 | Legal Entity Insufficient legal basis for data processing | 🇪🇺 Slovenian Supervisory Authority (Informacijski pooblaščenec) | Art. 5Art. 6 | €11,614 |
| 2025-07-23 | Order of Nursing Professions of Viterbo Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €10,000 |
| 2025-07-23 | Order of Nursing Professions of Viterbo Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €10,000 |
| 2025-07-23 | SATI S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €10,000 |
| 2025-07-23 | SATI S.p.A. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €10,000 |
| 2025-07-21 | McDonald’s Polska Sp. z o.o. Non-compliance with general data processing principles | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 28Art. 38 | €3,955,000 |
| 2025-07-21 | McDonald’s Polska Sp. z o.o. Non-compliance with general data processing principles | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 28Art. 38 | €3,955,000 |
| 2025-07-21 | 24/7 Communication Sp. z o.o. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 38 | €43,000 |
| 2025-07-21 | 24/7 Communication Sp. z o.o. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 25Art. 38 | €43,000 |
| 2025-07-21 | Hestia Publishers & Booksellers I. D. Kollaros & Co. S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 25Art. 32Art. 33 | €9,000 |
| 2025-07-21 | Hestia Publishers & Booksellers I. D. Kollaros & Co. S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 25Art. 32Art. 33 | €9,000 |
| 2025-07-17 | ENDESA ENERGIA, S.A.U. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €200,000 |
| 2025-07-17 | ENDESA ENERGIA, S.A.U. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €200,000 |
| 2025-07-17 | TRUEBA SPORT S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €1,200 |
| 2025-07-17 | TRUEBA SPORT S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €1,200 |
| 2025-07-16 | SUNERIS, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €5,400 |
| 2025-07-16 | SUNERIS, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €5,400 |
| 2025-07-11 | VALORA PREVENCIÓN, S.L.U. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €32,000 |
| 2025-07-11 | VALORA PREVENCIÓN, S.L.U. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €32,000 |
| 2025-07-10 | Poste Vita S.p.a. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 33 | €80,000 |