Article 5 GDPR — enforcement
Cited in 1,715 decisions · €1.8B total fines · median €10,000 · top authority: 🇪🇺Spanish Data Protection Authority (aepd) (541)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2022-07-13 | DKV Seguros y Reaseguros, S.A.E. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32Art. 33 | €132,000 |
| 2022-07-12 | FREE SUN ENERGY S.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €6,000 |
| 2022-07-12 | JOYPAZAR, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €1,600 |
| 2022-07-12 | SMART ELECTRIC SOLUTIONS, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €800 |
| 2022-07-08 | Physician Insufficient fulfilment of data subjects rights | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 5Art. 12Art. 13 | €1,500 |
| 2022-07-07 | UBEEQO INTERNATIONAL Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5Art. 12 | €175,000 |
| 2022-07-07 | Senseonics Inc. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 9 | €45,000 |
| 2022-07-07 | Intesa Sanpaolo Vita S.p.a. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5 | €20,000 |
| 2022-07-06 | ASOCIACIÓN DE AFICIONADOS Y PEQUEÑOS ACCIONISTAS UNIDAD HERCULANA Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €3,000 |
| 2022-07-05 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €600 |
| 2022-07-01 | Private Individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €500 |
| 2022-07-01 | Private Individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €300 |
| 2022-06-30 | Federazione Italiana Sommelier, Albergatori e Ristoratori Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €5,000 |
| 2022-06-30 | Company Non-compliance with general data processing principles | 🇪🇺 National Commission for Data Protection (CNPD) | Art. 5Art. 13 | €1,400 |
| 2022-06-30 | Company Insufficient fulfilment of information obligations | 🇪🇺 National Commission for Data Protection (CNPD) | Art. 5Art. 12Art. 13 | €1,000 |
| 2022-06-30 | Company Insufficient fulfilment of information obligations | 🇪🇺 National Commission for Data Protection (CNPD) | Art. 5Art. 12Art. 13 | €1,000 |
| 2022-06-23 | CORPORACIÓN DE RADIO Y TELEVISIÓN ESPAÑOLA S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €30,000 |
| 2022-06-23 | RADIO TELEVISION MADRID, S.A. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €30,000 |
| 2022-06-22 | Gyldendal A/S Non-compliance with general data processing principles | 🇪🇺 Danish Data Protection Authority (Datatilsynet) | Art. 5 | €134,000 |
| 2022-06-22 | Company Non-compliance with general data processing principles | 🇪🇺 National Commission for Data Protection (CNPD) | Art. 5Art. 13 | €3,000 |
| 2022-06-20 | Asociația de Proprietari Aviației Park Insufficient legal basis for data processing | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6 | €7,000 |
| 2022-06-16 | SCOTCH CORNER BAR Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 58 | €1,000 |
| 2022-06-09 | Tavistock & Portman NHS Foundation Trust Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32 | €91,000 |
| 2022-06-09 | Cribis Credit Management s.r.l. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €10,000 |
| 2022-06-09 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €600 |