Article 9 GDPR — enforcement
Cited in 233 decisions · €44.1M total fines · median €15,000 · top authority: 🇪🇺Italian Data Protection Authority (Garante) (121)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2022-07-07 | Senseonics Inc. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 9 | €45,000 |
| 2022-05-26 | Azienda sanitaria universitaria Friuli Centrale Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 25Art. 32 | €70,000 |
| 2022-05-26 | Azienda sanitaria universitaria Friuli Occidentale Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 25Art. 32 | €50,000 |
| 2022-05-26 | Azienda Sanitaria Locale Roma Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 2 | €46,000 |
| 2022-05-22 | Azienda Socio Sanitaria Territoriale Dei Sette Laghi Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €7,000 |
| 2022-05-18 | Clearview Al Inc. Non-compliance with general data processing principles | 🇪🇺 Information Commissioner (ICO) | Art. 5Art. 6Art. 9Art. 14 | €9,000,000 |
| 2022-05-18 | Kredyt Inkaso Investments RO S.A Insufficient legal basis for data processing | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 5Art. 6Art. 9Art. 33 | €5,000 |
| 2022-05-03 | HEI – Medical Travel Insufficient fulfilment of data subjects rights | 🇪🇺 Icelandic data protection authority ('Persónuvernd') | Art. 15Art. 9Art. 17 | €10,600 |
| 2022-04-28 | Ospedale San Raffaele s.r.l. Non-compliance with general data processing principles | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €70,000 |
| 2022-04-28 | Istituto Nazionale Assicurazione Infortuni sul Lavoro Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 32 | €50,000 |
| 2022-04-28 | Il Sole 24 Ore S.p.a. Insufficient fulfilment of data subjects rights | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 12 | €40,000 |
| 2022-04-28 | Italian Ministry of Defense Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 10 | €10,000 |
| 2022-04-28 | 'Isabella Gonzaga' high school Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 2 | €2,500 |
| 2022-04-28 | Direzione Didattica Statale 1° Circolo-Eboli Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 9Art. 2 | €1,500 |
| 2022-04-26 | ASST di Lodi Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €1,000 |
| 2022-04-04 | Brussels Airport Zaventem Insufficient legal basis for data processing | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 9Art. 12 | €200,000 |
| 2022-04-04 | Brussels Airport Charleroi Insufficient legal basis for data processing | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 9Art. 12 | €100,000 |
| 2022-04-04 | Ambuce Rescue Team Insufficient legal basis for data processing | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 9 | €20,000 |
| 2022-03-10 | Azienda USL Toscana Centro Insufficient technical and organisational measures to ensure information security | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9Art. 32 | €10,000 |
| 2022-03-03 | BREBAU GmbH Insufficient legal basis for data processing | 🇪🇺 Data Protection Authority of Bremen | Art. 5Art. 6Art. 9 | €1,900,000 |
| 2022-02-10 | Azienda socio sanitaria territoriale Melegnano e della Martesana Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 9 | €3,500 |
| 2022-02-02 | IAB Europe Insufficient legal basis for data processing | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 9Art. 12 | €0 |
| 2022-02-01 | SC Grupex 2000 SRL Insufficient legal basis for data processing | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 6Art. 9 | €1,000 |
| 2022-01-27 | EU DisinfoLab Non-compliance with general data processing principles | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 9Art. 12 | €2,800 |
| 2022-01-27 | Researcher Non-compliance with general data processing principles | 🇪🇺 Belgian Data Protection Authority (APD) | Art. 5Art. 6Art. 9Art. 12 | €1,200 |