The imposition of GDPR fines is a right of every state in Germany. Thus, Germany differs from most EU member states, where a federal agency supervise data protection.
Thus, there is an independent data protection authority in each German state. There are also the Federal Data Protection Supervisor and two legally independent authorities for the protection of the church.
To have a full sight is difficult. In addition, the communication of the individual authorities differs. While, for example, the data protection officer of Baden-Württemberg, Stefan Brink, pursues an offensive information policy and thus provides a good insight into the work of his authority, others other do no to less public relations, such as the data protection authority of Saxony.
Since the introduction of the GDPR, more than 100 fines have already been imposed, only a fraction of which is known to the public. In our list of all GDPR fines in Germany we have collected all known fines. The list is constantly updated.
|Title||Type of Incident||Date||Number of involved data records||GDPR Fine||Sensible Data involved?|
|Fine for German energy provider for illegal telephone marketing||violated rights of the data subject||10/12/2018||thousands||300,000 €||No|
|Fine for Callcenter for illegal marketing calls||violated rights of the data subject||18/12/2018||over 1.400||300,000 €||No|
|Health data accidentally leaked||inadequate data protection||06/12/2018||unknown||84,000 €||No|
|GDPR fine for private individual||Illegal data processing||29/01/2019||1||119 €||No|
|Fine for university hospital for patient mix-up||inadequate data protection||03/12/2019||1||105,000 €||No|
|Fine for Vodafone Germany for illegal marketing calls||violated rights of the data subject||02/07/2019||unknown||100,000 €||No|
|Germany: PayTV channel Sky has to pay a 250.000 Euro data protection fine||violated rights of the data subject||23/12/2019||> 1.000||250,000 €||No|
|Fine due to not naming a DPO||no Data Protection Officer||09/12/2019||0||10,000 €||No|
|9.5 million Eur fine for 1&1 Telekom||inadequate data protection||09/12/2019||9,550,000 €||No|
|German real estate company hoards data – A GDPR fine follows||technical deficiency||01/03/2019||unknown||14,500,000 €||No|
|GDPR fine for the new owner of a food delivery platform in Berlin||violated rights of the data subject||23/09/2019||unknown||195,407 €||No|
|Penalty against private person in Germany||Illegal data processing||13/02/2019||160||2,628 €||No|
|Fine for late notification of a data breach||violated duty to inform||01/02/2019||unknown||20,000 €||No|
|Germany: GDPR fine for Police Officer||Illegal data processing||18/06/2019||1||1,400 €||Yes|
|Fine against bank from germany||Illegal data processing||01/01/2019||unknown||50,000 €||No|
|Punishment for mistaken publication of health data||technical deficiency||12/01/2019||unknown||80,000 €||Yes|
|Punishment against Jusos Baden-Württemberg||Illegal data processing||25/03/2019||168||2,500 €||No|
|Punishment against Kolibiri Image||Illegal data processing||17/12/2018||unknown||5,000 €||No|
|GDPR penalty against knuddels.de||Theft of Data||22/11/2018||330 000||20,000 €||No|