easyGDPR

We make implementing General Data Protection Regulation Easy

by

The flag of Germany

The imposition of GDPR fines is a right of every state in Germany. Thus, Germany differs from most EU member states, where a federal agency supervise data protection.

Thus, there is an independent data protection authority in each German state. There are also the Federal Data Protection Supervisor and two legally independent authorities for the protection of the church.

To have a full sight is difficult. In addition, the communication of the individual authorities differs. While, for example, the data protection officer of Baden-Württemberg, Stefan Brink, pursues an offensive information policy and thus provides a good insight into the work of his authority, others other do no to less public relations, such as the data protection authority of Saxony.

Since the introduction of the GDPR, more than 100 fines have already been imposed, only a fraction of which is known to the public. In our list of all GDPR fines in Germany we have collected all known fines. The list is constantly updated.

TitleType of IncidentDateNumber of involved data recordsGDPR FineSensible Data involved?
Unauthorized recording on toilet facilityIllegal data collection25/04/2023unknown25,000 €No
Disregard of the duty to inform after data theftTheft of Data19/12/2022unknown9,000 €No
Corona contact sheet disposal in the forestinadequate data protection31/12/2022unknown500 €Yes
personnel plan according to vaccination statusIllegal data processing31/12/2022unknown20,000 €Yes
Improper disposal of customer data and unlawful video surveillanceIllegal data processing31/12/2022unknown6,500 €Yes
Covid-19 test results viewable without authenticationinadequate data protection31/12/2022unknown2,700 €Yes
Refusal to delete dataCooperation refused31/12/2022unknown1,000 €No
Unlawful disposal of Covid-19 testsinadequate data protection31/12/2022unknown1,000 €Yes
Disposal of delivery bills in waste paper containersinadequate data protection31/12/2022unknown0 €No
Recording dashcam in road trafficIllegal data collection31/12/2022unknown0 €No
Unintentional posting of personal data at Covid-19 test center.Illegal data processing31/12/202211,800 €Yes
Inadmissible inspection of land register for purchase offer of building land 2Illegal data processing21/09/2022unknown50,000 €No
Inadmissible inspection of land register for offer to purchase building landIllegal data processing21/09/2022unknown5,000 €No
Evaluation of customer data without legal basis by Hannoversche VolksbankIllegal data processing28/07/2022unknown900,000 €No
Data protection violations in the use of a service provider to test a driver assistance system at VolkswagenIllegal data processing26/07/2022unknown1,100,000 €No
Queries from police systems on persons in the family environmentIllegal data processing31/12/2021unknown1,800 €No
Use of the EWO system to determine the address of the ex-partnerIllegal data processing31/12/20211600 €No
Queries from police information systems on colleaguesIllegal data processing31/12/20211500 €No
POLAS query on an online seller for private purposesIllegal data processing31/12/20211400 €No
Audio and video surveillance of employees, storage for too long, inadequate security measuresIllegal data collection31/12/2021unknown16,000 €No
Inappropriate use of contact tracing listsIllegal data processing31/12/2021unknown170 €No
Processing of sensitive data of prospective tenants without legal basisIllegal data processing03/03/202295001,900,000 €Yes
Transfer of an employee’s health data to over 3,000 customers without a legal basisIllegal data processing12/01/2021110,110 €Yes
Repeated incorrect sending of doctor’s letters, no logging function for access to patient dataIllegal data processing06/05/20211105,000 €Yes
Making video recordings of young women and girls without legal basisIllegal data collection10/06/2021unknown5,000 €No
Transfer of customer data despite objectionIllegal data processing16/06/2021unknown12,500 €No
open contact detailsno Data Protection Officer28/01/2021unknown100 €No
Video surveillance of employees customers and passers-byviolated rights of the data subject28/01/2021unknown9,444 €No
Police database abused for private purposes28/01/2021unknown600 €Yes
Advertising calls without consentviolated rights of the data subject27/02/2021unknown260,000 €No
Online store with outdated softwaretechnical deficiency27/05/2021unknown65,500 €No
Company denies access to data protection authorityCooperation refused13/07/20217,000 €No
Penalty for video surveillance in swimming facilityIllegal data collection24/03/2020unknown.12,000 €No
Penalty on computer mail orderIllegal data collection08/01/2021unknown10,400,000 €No
Data protection penalty against Vfb StuttgartIllegal data processing10/03/202170000300,000 €No
35 million DSGVO fine for H&MIllegal data collection01/10/2020unknown35,258,708 €Yes
Penalty for energy company for illegal telephone advertisingviolated rights of the data subject10/12/2018Thousands300,000 €No
Call center fined for unauthorized advertisingviolated rights of the data subject18/12/2018over 1,400300,000 €No
Personal health data accidentally published on the Internetinadequate data protection06/12/2018unknown84,000 €No
DSGVO penalty for private personIllegal data processing29/01/20191119 €No
University medical center fined for patient mix-upinadequate data protection03/12/20191105,000 €No
Penalty for Vodafone Germany for unauthorized advertising callsviolated rights of the data subject02/07/2019unknown100,000 €No
Penalty for lack of data protection officerviolated duty to inform09/12/2019010,000 €No
Sky Deutschland – 250,000 euros fineviolated rights of the data subject23/12/2019> 1.000250,000 €No
9.5 million Eur fine for 1&1 Telekominadequate data protection09/12/20199,550,000 €No
Data graveyard: 14.5 million euro finetechnical deficiency01/03/2019unknown14,500,000 €No
DSGVO fine for new owner of Delivery Heroviolated rights of the data subject23/09/2019unknown195,407 €No
Penalty against private personIllegal data processing13/02/20191602,628 €No
Penalty for late notification of a data breachviolated duty to inform01/02/2019unknown20,000 €No
Germany: DSGVO fine for police officerIllegal data processing18/06/201911,400 €Yes
Penalty against bankIllegal data processing01/01/2019unknown50,000 €No
Penalty for erroneous publication of health datatechnical deficiency12/01/2019unknown80,000 €Yes
Penalty against Jusos Baden-WürttembergIllegal data processing25/03/20191682,500 €No
Penalty against Kolibiri ImageIllegal data processing17/12/2018unknown5,000 €No
DSGVO penalty against knuddels.deTheft of Data22/11/2018330 00020,000 €No