Article 5 GDPR — enforcement
Cited in 1,716 decisions · €1.8B total fines · median €10,000 · top authority: 🇪🇺Spanish Data Protection Authority (aepd) (541)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2022-01-27 | Cosmote Mobile Telecommunications S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5Art. 13Art. 14Art. 25 | €6,000,000 |
| 2022-01-27 | EU DisinfoLab Non-compliance with general data processing principles | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 9Art. 12 | €2,800 |
| 2022-01-27 | Private club 'Ruian' Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13 | €2,000 |
| 2022-01-27 | Researcher Non-compliance with general data processing principles | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 9Art. 12 | €1,200 |
| 2022-01-26 | Uppsala hospital board Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) | Art. 5Art. 32 | €152,000 |
| 2022-01-26 | Slane Credit Union Ltd. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Ireland | Art. 5Art. 24Art. 28Art. 30 | €5,000 |
| 2022-01-21 | Property Owner Community Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €1,200 |
| 2022-01-19 | Fortum Marketing and Sales Polska S.A. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 24Art. 25Art. 28 | €1,000,000 |
| 2022-01-17 | C-Planet (IT Solutions) Limited Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commissioner of Malta | Art. 5Art. 6Art. 9Art. 14 | €65,000 |
| 2022-01-17 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €1,500 |
| 2022-01-14 | PHARMA TALENTS, S.L.U. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 32 | €2,400 |
| 2022-01-14 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €1,500 |
| 2022-01-13 | Azienda sanitaria unica regionale Marche Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32Art. 35 | €14,000 |
| 2022-01-13 | Azienda Sanitaria Locale Frosinone Insufficient fulfilment of information obligations | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 12Art. 13 | €7,500 |
| 2022-01-13 | Private individual Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 13 | €1,500 |
| 2022-01-13 | A.S.L. Napoli 1 Centro Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 2 | €1,000 |
| 2022-01-11 | Property Owner Community Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €3,000 |
| 2022-01-01 | MALTA DPA: Non-compliance with general data processing principles Non-compliance with general data processing principles | 🇪🇺 Data Protection Commissioner of Malta | Art. 5Art. 6Art. 9Art. 32 | €65,000 |
| 2022-01-01 | Bank of Cyprus Public Company Ltd. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 5Art. 24Art. 32 | €17,000 |
| 2022-01-01 | Pharmacy Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Baden-Wuerttemberg | Art. 5 | €6,500 |
| 2022-01-01 | Cyprus Electricity Authority Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 5Art. 24Art. 32 | €5,000 |
| 2022-01-01 | Credit institution Insufficient legal basis for data processing | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 6Art. 5 | €2,700 |
| 2022-01-01 | Covid-19 test center Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Hessen | Art. 5Art. 6 | €1,800 |
| 2022-01-01 | Physician Insufficient fulfilment of data subjects rights | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 5Art. 12Art. 13 | €1,600 |
| 2022-01-01 | Website operator Insufficient fulfilment of data subjects rights | 🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Art. 5Art. 12Art. 31 | €1,300 |