Skip to content

Article 5 GDPR — enforcement

Cited in 1,715 decisions · €1.8B total fines · median €10,000 · top authority: 🇪🇺Spanish Data Protection Authority (aepd) (541)

Date ↓ Company / party Authority Articles Fine
2023-01-31 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €600
2023-01-27 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €300
2023-01-26 Azienda Ospedaliera Bianchi Melacrino Morelli
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32Art. 75 €7,000
2023-01-26 Misterbianco municipality
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 2 €5,000
2023-01-26 Azienda ULSS n.5 Polesana
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9Art. 32 €5,000
2023-01-24 Company
Insufficient fulfilment of data subjects rights
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 5Art. 15 €8,000
2023-01-23 Centric Health Ltd.
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 32 €460,000
2023-01-20 TECNO MOTOR LA MUELA, S.L.L
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €360
2023-01-20 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €300
2023-01-19 BANCO BILBAO VIZCAYA ARGENTARIA, S.A
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €56,000
2023-01-19 Szczecin-Centrum District Court
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 24Art. 25Art. 32 €6,400
2023-01-17 Telecommunications Operator
Non-compliance with general data processing principles
🇪🇺 Bulgarian Commission for Personal Data Protection (KZLD) Art. 5Art. 6 €1,020
2023-01-16 Πολίτης newspaper
Non-compliance with general data processing principles
🇪🇺 Cypriot Data Protection Commissioner Art. 5Art. 6 €7,000
2023-01-16 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €600
2023-01-11 Ufficio Scolastico Regionale per la Lombardia, Ufficio IV - Ambito Territoriale di Brescia
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 9Art. 2 €6,000
2023-01-11 Azienda Ospedale-Università Padova
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9 €5,000
2023-01-10 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €300
2023-01-09 Praktiškas UAB
Insufficient legal basis for data processing
🇪🇺 Lithuanian Data Protection Authority (VDAI) Art. 5Art. 9Art. 13Art. 30 €6,000
2023-01-09 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €300
2023-01-03 Transport Workers' Union of Aragon
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €3,000
2023-01-03 Homeowners Association
Non-compliance with general data processing principles
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5 €500
2023-01-01 Bank of Cyprus Public Company Ltd.
Non-compliance with general data processing principles
🇪🇺 Cypriot Data Protection Commissioner Art. 5 €8,000
2023-01-01 Cypriot Ministry of the Interior
Non-compliance with general data processing principles
🇪🇺 Cypriot Data Protection Commissioner Art. 5 €8,000
2023-01-01 MALTA DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 Data Protection Commissioner of Malta Art. 5Art. 6 €5,000
2023-01-01 Physician
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Hessen Art. 5Art. 32 €3,600