Skip to content

Article 5 GDPR — enforcement

Cited in 1,716 decisions · €1.8B total fines · median €10,000 · top authority: 🇪🇺Spanish Data Protection Authority (aepd) (541)

Date ↓ Company / party Authority Articles Fine
2021-12-06 Telekom Romania Communications SA
Non-compliance with general data processing principles
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 17 €6,000
2021-12-03 Lawyer
Insufficient legal basis for data processing
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 5Art. 6Art. 9 €843
2021-12-02 Irish Teacher Council
Insufficient technical and organisational measures to ensure information security
🇪🇺 Data Protection Authority of Ireland Art. 5Art. 32Art. 33 €60,000
2021-12-02 Ica s.r.l.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €30,000
2021-12-02 Casa di cura Fondazione Gaetano e Piera Borghi s.r.l.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €30,000
2021-12-02 Società Med Store Saronno s.r.l.
Insufficient technical and organisational measures to ensure information security
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 32 €7,000
2021-12-02 Azienda USL di Parma
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9 €5,000
2021-12-01 LUXEMBOURG DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 National Commission for Data Protection (CNPD) Art. 5Art. 13 €6,800
2021-11-30 DAVISER SERVICIOS, S.L.
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €20,000
2021-11-30 Neighborhood community
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,500
2021-11-25 Dutch Minister of Finance
Insufficient legal basis for data processing
🇪🇺 Dutch Supervisory Authority for Data Protection (AP) Art. 5Art. 6Art. 8 €2,750,000
2021-11-25 Cabinet Office
Insufficient technical and organisational measures to ensure information security
🇪🇺 Information Commissioner (ICO) Art. 5Art. 32 €585,000
2021-11-25 B&T S.p.A.
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 13 €400,000
2021-11-25 Aimon Srl
Insufficient legal basis for data processing
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 6Art. 12Art. 21 €200,000
2021-11-25 Società H San Raffaele Resnati s.r.l.
Non-compliance with general data processing principles
🇪🇺 Italian Data Protection Authority (Garante) Art. 5Art. 9 €6,000
2021-11-24 Norwegian State Pension Fund (SPK)
Insufficient legal basis for data processing
🇪🇺 Norwegian Supervisory Authority (Datatilsynet) Art. 5Art. 6Art. 9 €98,000
2021-11-23 Icelandic Ministry of Industry and Innovation
Non-compliance with general data processing principles
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 6Art. 7Art. 13 €51,000
2021-11-23 YAY ehf.
Non-compliance with general data processing principles
🇪🇺 Icelandic data protection authority ('Persónuvernd') Art. 5Art. 6Art. 28Art. 32 €27,200
2021-11-15 Private Individual
Non-compliance with general data processing principles
🇪🇺 Spanish Data Protection Authority (aepd) Art. 5 €1,000
2021-11-12 WS WiSpear Systems Ltd
Non-compliance with general data processing principles
🇪🇺 Cypriot Data Protection Commissioner Art. 5 €925,000
2021-11-09 LUXEMBOURG DPA: Non-compliance with general data processing principles
Non-compliance with general data processing principles
🇪🇺 National Commission for Data Protection (CNPD) Art. 5Art. 13 €1,500
2021-11-04 Régie autonome des transports parisiens
Non-compliance with general data processing principles
🇪🇺 French Data Protection Authority (CNIL) Art. 5Art. 32 €400,000
2021-10-27 Car importer
Insufficient legal basis for data processing
🇪🇺 Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) Art. 5Art. 6Art. 12Art. 13 €13,500
2021-10-26 Bank
Non-compliance with general data processing principles
🇪🇺 Bulgarian Commission for Personal Data Protection (KZLD) Art. 5 €380
2021-10-21 Glove Technology SRL
Insufficient legal basis for data processing
🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) Art. 5Art. 6 €5,000