Skip to content

Article 5 GDPR — enforcement

Cited in 1,716 decisions · €1.8B total fines · median €10,000 · top authority: 🇪🇺Spanish Data Protection Authority (aepd) (541)

Date ↓ Company / party Authority Articles Fine
2022-01-27 Cosmote Mobile Telecommunications S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Hellenic Data Protection Authority (HDPA) Art. 5Art. 13Art. 14Art. 25 €6,000,000
2022-01-27 EU DisinfoLab
Non-compliance with general data processing principles
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 9Art. 12 €2,800
2022-01-27 Private club 'Ruian'
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 13 €2,000
2022-01-27 Researcher
Non-compliance with general data processing principles
🇪🇺 Belgian Data Protection Authority (APD) Art. 5Art. 6Art. 9Art. 12 €1,200
2022-01-26 Uppsala hospital board
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) Art. 5Art. 32 €152,000
2022-01-26 Slane Credit Union Ltd.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 24Art. 28Art. 30 €5,000
2022-01-21 Property Owner Community
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,200
2022-01-19 Fortum Marketing and Sales Polska S.A.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Polish National Personal Data Protection Office (UODO) Art. 5Art. 24Art. 25Art. 28 €1,000,000
2022-01-17 C-Planet (IT Solutions) Limited
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Commissioner of Malta Art. 5Art. 6Art. 9Art. 14 €65,000
2022-01-17 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,500
2022-01-14 PHARMA TALENTS, S.L.U.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 32 €2,400
2022-01-14 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,500
2022-01-13 Azienda sanitaria unica regionale Marche
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32Art. 35 €14,000
2022-01-13 Azienda Sanitaria Locale Frosinone
Insufficient fulfilment of information obligations
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 12Art. 13 €7,500
2022-01-13 Private individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5Art. 13 €1,500
2022-01-13 A.S.L. Napoli 1 Centro
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 2 €1,000
2022-01-11 Property Owner Community
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €3,000
2022-01-01 MALTA DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 Data Protection Commissioner of Malta Art. 5Art. 6Art. 9Art. 32 €65,000
2022-01-01 Bank of Cyprus Public Company Ltd.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 5Art. 24Art. 32 €17,000
2022-01-01 Pharmacy
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Baden-Wuerttemberg Art. 5 €6,500
2022-01-01 Cyprus Electricity Authority
Insufficient technical and organisational measures to ensure information security
🇪🇺 Cypriot Data Protection Commissioner Art. 5Art. 24Art. 32 €5,000
2022-01-01 Credit institution
Insufficient legal basis for data processing
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 6Art. 5 €2,700
2022-01-01 Covid-19 test center
Non-compliance with general data processing principles
🇪🇺 Data Protection Authority of Hessen Art. 5Art. 6 €1,800
2022-01-01 Physician
Insufficient fulfilment of data subjects rights
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 5Art. 12Art. 13 €1,600
2022-01-01 Website operator
Insufficient fulfilment of data subjects rights
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 5Art. 12Art. 31 €1,300