Article 5 GDPR — enforcement
Cited in 1,720 decisions · €1.8B total fines · median €10,000 · top authority: 🇪🇺Spanish Data Protection Authority (aepd) (541)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2020-02-11 | Vodafone Romania Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 32 | €3,000 |
| 2020-02-06 | RTI - Reti Televisive Italiane s.p.a. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €20,000 |
| 2020-02-04 | Cafetería Nagasaki Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €1,500 |
| 2020-02-03 | Vodafone España, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €75,000 |
| 2020-02-03 | Vodafone España, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €75,000 |
| 2020-02-03 | Vodafone España, S.A.U. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €60,000 |
| 2020-02-03 | Xfera Moviles S.A. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €60,000 |
| 2020-02-03 | Vodafone España, S.A.U. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €50,000 |
| 2020-02-03 | Iberia Lineas Aereas de Espana, S.A. Operadora Unipersonal Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6Art. 21 | €20,000 |
| 2020-02-03 | Banco Bilbao Vizcaya Argentaria S.L. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6Art. 21 | €6,670 |
| 2020-02-03 | Queseria Artesenal Ameco S.L. Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €5,000 |
| 2020-02-03 | Automoción Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6 | €800 |
| 2020-01-30 | Comune di Colledara Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €4,000 |
| 2020-01-23 | Sapienza Università di Roma Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €30,000 |
| 2020-01-23 | Azienda Ospedaliero Universitaria Integrata di Verona (Hospital) Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 32 | €30,000 |
| 2020-01-15 | TIM (telecommunications operator) Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 17Art. 21 | €27,800,000 |
| 2020-01-15 | Community of Francavilla Fontana Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6 | €10,000 |
| 2020-01-14 | Zhang Bordeta 2006, S.L. (Store and Restaurant) Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €3,600 |
| 2020-01-13 | Allseas Marine S.A. Non-compliance with general data processing principles | 🇪🇺 Hellenic Data Protection Authority (HDPA) | Art. 5 | €15,000 |
| 2020-01-07 | Vodafone España, S.A.U. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5 | €44,000 |
| 2020-01-01 | CZECH REPUBLIC DPA: Non-compliance with general data processing principles Non-compliance with general data processing principles | 🇪🇺 Czech Data Protection Auhtority (UOOU) | Art. 5Art. 6Art. 12Art. 15 | €19,200 |
| 2020-01-01 | Restaurant Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Saarland | Art. 5 | €10,000 |
| 2020-01-01 | LITHUANIA DPA: Non-compliance with general data processing principles Non-compliance with general data processing principles | 🇪🇺 Lithuanian Data Protection Authority (VDAI) | Art. 5Art. 13Art. 24Art. 35 | €8,000 |
| 2020-01-01 | MALTA DPA: Insufficient technical and organisational measures to ensure information security Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Commissioner of Malta | Art. 5Art. 32 | €5,000 |
| 2020-01-01 | Restaurant Non-compliance with general data processing principles | 🇪🇺 Data Protection Authority of Hamburg | Art. 5 | €3,000 |