Article 9 GDPR — enforcement
Cited in 233 decisions · €44.1M total fines · median €15,000 · top authority: 🇪🇺Italian Data Protection Authority (Garante) (121)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2024-05-23 | Azienda Sanitaria Locale TO4 Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €8,400 |
| 2024-05-09 | Azienda ospedale università di Padova Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 25Art. 32 | €75,000 |
| 2024-04-24 | I.N.P.A.S. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 2 | €3,000 |
| 2024-02-08 | Medtronic Italia Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 12Art. 13 | €300,000 |
| 2024-02-08 | Azienda socio-sanitaria locale n. 1 di Sassari Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €18,000 |
| 2024-02-06 | SANITAS, S.A. DE SEGUROS Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 6Art. 9 | €160,000 |
| 2024-01-24 | Municipality Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 37 | €6,000 |
| 2024-01-17 | Centrum Medyczne Ujastek Sp. z o.o. Non-compliance with general data processing principles | 🇪🇺 Polish National Personal Data Protection Office (UODO) | Art. 5Art. 6Art. 9Art. 13 | €273,000 |
| 2024-01-01 | Doctor´s Office Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Hessen | Art. 5Art. 6Art. 9 | €3,700 |
| 2024-01-01 | Doctor´s Office Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Hessen | Art. 5Art. 6Art. 9 | €3,300 |
| 2024-01-01 | Doctor´s Office Insufficient technical and organisational measures to ensure information security | 🇪🇺 Data Protection Authority of Hessen | Art. 5Art. 6Art. 9Art. 32 | €2,500 |
| 2023-12-07 | Azienda socio sanitaria territoriale nord Milano, C.F. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 25Art. 32 | €40,000 |
| 2023-11-17 | Eurocollege Oxford English Institute S.L. Non-compliance with general data processing principles | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 5Art. 6Art. 9 | €72,000 |
| 2023-10-26 | Region of Lombardy Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 2 | €20,000 |
| 2023-10-12 | Azienda socio sanitaria territoriale di Lodi CF Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €40,000 |
| 2023-09-28 | Salvator Mundi International Hospital s.r.l Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €60,000 |
| 2023-09-28 | Ministero dell'Ambiente e della Sicurezza Energetica Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 2 | €5,000 |
| 2023-09-28 | Physician Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €5,000 |
| 2023-09-26 | Phyisician Non-compliance with general data processing principles | 🇪🇺 Austrian Data Protection Authority (dsb) | Art. 5Art. 9 | €10,000 |
| 2023-09-25 | FEDERACIÓN DE BALONMANO DE CASTILLA LA MANCHA Insufficient legal basis for data processing | 🇪🇺 Spanish Data Protection Authority (aepd) | Art. 9Art. 13 | €17,000 |
| 2023-09-18 | SAF LOGISTICS Non-compliance with general data processing principles | 🇪🇺 French Data Protection Authority (CNIL) | Art. 5Art. 9Art. 10Art. 31 | €200,000 |
| 2023-09-14 | Nimbus s.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 13 | €5,000 |
| 2023-08-31 | Mednow Medical Center di Giugni Marco Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 12Art. 15 | €10,000 |
| 2023-07-18 | Azienda Socio Sanitaria Territoriale Ovest Milanese Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €12,000 |
| 2023-06-27 | Creditinfo Lánstraust hf. Insufficient legal basis for data processing | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 5Art. 6Art. 8Art. 9 | €257,000 |