Article 5 GDPR — enforcement
Cited in 1,716 decisions · €1.8B total fines · median €10,000 · top authority: 🇪🇺Spanish Data Protection Authority (aepd) (541)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2020-11-11 | Vodafone España, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €42,000 |
| 2020-11-05 | Telefonica Moviles Espana, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €75,000 |
| 2020-11-03 | Vodafone España, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €30,000 |
| 2020-10-29 | Gaypa s.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 12Art. 13 | €20,000 |
| 2020-10-29 | Borgo Fonte Scura s.r.l. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 13 | €4,000 |
| 2020-10-28 | Vodafone España, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €36,000 |
| 2020-10-28 | Play Orenes, S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €4,000 |
| 2020-10-26 | Università Campus Bio-medico di Roma (Polyclinic) Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €20,000 |
| 2020-10-24 | Private Individual Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Sachsen-Anhalt | Art. 5Art. 32 | €200 |
| 2020-10-21 | Vilnius City Municipality Administration Non-compliance with general data processing principles | 🇪🇺 Lithuanian Data Protection Authority (VDAI) | Art. 5 | €15,000 |
| 2020-10-19 | Bank of Cyprus Public Company Ltd Insufficient technical and organisational measures to ensure information security | 🇪🇺 Cypriot Data Protection Commissioner | Art. 5Art. 15Art. 32Art. 33 | €15,000 |
| 2020-10-19 | Grant Ideas Ltd Insufficient legal basis for data processing | 🇪🇺 Cypriot Data Protection Commissioner | Art. 5Art. 6 | €1,000 |
| 2020-10-19 | Private Individual Insufficient legal basis for data processing | 🇪🇺 Austrian Data Protection Authority (dsb) | Art. 5Art. 9 | €600 |
| 2020-10-19 | Private Individual Insufficient legal basis for data processing | 🇪🇺 Austrian Data Protection Authority (dsb) | Art. 5Art. 6 | €150 |
| 2020-10-16 | British Airways Insufficient technical and organisational measures to ensure information security | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 32 | €22,046,000 |
| 2020-10-09 | Centro de Investigación y Estudio para la Obesidad, SL Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €50,000 |
| 2020-10-09 | Caja Rural San José de Nules S. Cooperativa de Crédito Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €5,000 |
| 2020-10-09 | Private Person Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €2,000 |
| 2020-10-09 | Café Restaurante B.B.B Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €900 |
| 2020-10-06 | Lycamobile Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €60,000 |
| 2020-10-06 | Callesgarcia, S.L. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €4,000 |
| 2020-10-03 | Avata Hispania, S.L. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6Art. 28 | €3,000 |
| 2020-10-01 | H&M Hennes & Mauritz Online Shop A.B. & Co. KG Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Hamburg | Art. 5Art. 6 | €35,258,708 |
| 2020-09-30 | Azienda Ospedaliera di Rilievo Nazionale 'Antonio Cardarelli' (Private Hospital) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 13Art. 28 | €80,000 |
| 2020-09-30 | Scanshare s.r.l. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 32 | €60,000 |