easyGDPR

We make implementing General Data Protection Regulation Easy

Although the GDPR is a European law, the execution is not uniform but is taken over by the data protection authorities of the member states. We would like to give you an overview of all publicly known data protection penalties since May 25, 2018. You can sort the list by clicking on the header.

TitleType of IncidentCountryDateNumber of involved data recordsGDPR FineSensible Data involved?
Storage period exceededIllegal data collectionFrance22/07/2021several million1,750,000 €Yes
Delete request ignoredviolated rights of the data subjectSpain03/08/2021196,000 €No
open contact detailsno Data Protection OfficerGermany28/01/2021unknown100 €No
Data stored from criticsFrance.28/08/2021over 200.400,000 €Yes
unwanted advertising cookies.France.29/07/2021unknown.50,000 €No
Recovery of fictitious debtsviolated duty to informSpanish27/07/2021160,000 €No
unencrypted datainadequate data protectionItaly02/08/2021unknown40,000 €No
Insufficient privacy policyviolated duty to informSpain05/08/2021unknown6,000 €No
E-mail data freely accessibleinadequate data protectionGreat Britain08/07/202155029,183 €Yes
Video surveillance is too detailedLuxembourg13/07/2021unknown12,500 €No
Video surveillance of employees customers and passers-byviolated rights of the data subjectGermany28/01/2021unknown9,444 €No
Police database abused for private purposesGermany28/01/2021unknown600 €Yes
advertising calls without consentviolated rights of the data subjectGermany27/02/2021unknown260,000 €No
Online shop with outdated softwaretechnical deficiencyGermany27/05/2021unknown65,500 €No
unlawful submissions to general practitionerstechnical deficiencyItaly20/07/202148120,000 €Yes
dentist refuses examinationIllegal data collectionItaly10/06/2021120,000 €Yes
Company refuses access to data protection authorityCooperation refusedGermany13/07/20217,000 €No
Penalty for video surveillance in swimming facilityIllegal data collectionGermany24/03/2020unknown.12,000 €No
GDPR fine after Facebook postingIllegal data processingAustria19/10/2020unknown600 €Yes
Penalty on computer mail orderIllegal data collectionGermany08/01/2021unknown10,400,000 €No
Data protection penalty against Vfb StuttgartIllegal data processingGermany10/03/202170000300,000 €No
Ticketmaster UK Limited – Hacker AttackIllegal data processingUnited Kingdom13/11/202094000001,392,525 €No
Digital Growth Experts Limited (DGEL) – Promotional EmailsUnited Kingdom22/09/20201619065,400 €No
Reliance Advisory Limited – Advertising Calls: 226,403 Euro Penalty Advertising Calls: 226,403 Euro FineIllegal data processingUnited Kingdom27/11/202015100000226,403 €No
Kebap Restaurant now only has to pay a fine of 1500 euros.19/01/20201,500 €No
Hora Credit IFN SA – 14,000 euros fine.Illegal data processingRomania10/12/201913,000 €No
Penalty against Czech bank.Illegal data processingCzech Republic01/04/201919,700 €Yes
Spam Emails: 43.928,00 EUR GDPR fineIllegal data processingUK08/10/2020900043,928 €No
100 EUR GDPR Fine for Bank BranchIllegal data collectionAustria28/05/20201100 €No
GDPR Penalty against Tax OfficeTheft of DataBulgaria16/07/20195 000 0002,600,000 €No
Penalty against Financial Institution in BulgariaIllegal data processingBulgaria24/07/2019unknown5,100 €No
Penalty against Social Securityinadequate data protectionBulgaria24/07/2019unknown2,500 €No
Penalty after Infringement of the Principle of Purpose LimitationIllegal data processingBulgaria23/07/2019unknown5,000 €No
Penalty against Bulgarian MunicipalityIllegal data processingBulgaria23/07/2019unknown7,700 €No
Penalty after Cyberattack against BankTheft of DataBulgaria28/08/2019510,000 €No
Data Processing without Legal Basis – Monetary PenaltyIllegal data processingBulgaria17/01/20201500 €No
Penalty against Ministry of the InteriorIllegal data processingBulgaria08/10/201915,000 €No
Request for Information of a Former Employee Ignoredviolated rights of the data subjectBulgaria28/10/20191500 €No
Data Disclosure Denied – GDPR Penalty in Bulgariaviolated rights of the data subjectBulgaria03/09/201911,800 €No
Penalty against Telecommunications Company and Its Managing DirectorsIllegal data processingBulgaria03/09/2019110,000 €No
GDPR Fine Imposed on Tax OfficeIllegal data processingBulgaria03/09/2019128,000 €No
Penalty against City CouncillorIllegal data processingBelgium25/11/20196545,000 €No
Another Penalty against Belgian MayorIllegal data processingBelgium25/11/20194765,000 €No
Belgium: Penalty for Incorrect Privacy Policyviolated duty to informBelgium17/12/2019unknown15,000 €No
Penalty against Nursing Organizationviolated rights of the data subjectBelgium17/12/201912,000 €No
Fine for German energy provider for illegal telephone marketingviolated rights of the data subjectGermany10/12/2018thousands300,000 €No
Fine for Callcenter for illegal marketing callsviolated rights of the data subjectGermany18/12/2018over 1.400300,000 €No
Health data accidentally leakedinadequate data protectionGermany06/12/2018unknown84,000 €No
GDPR fine for private individualIllegal data processingGermany29/01/20191119 €No
Fine for university hospital for patient mix-upinadequate data protectionGermany03/12/20191105,000 €No
GDPR fine for Austrian kebab storeIllegal data collectionAustria23/11/2018unknown1,500 €No
Fine for Vodafone Germany for illegal marketing callsviolated rights of the data subjectGermany02/07/2019unknown100,000 €No
Spain: Cookie-Banner causes 30.000€ fine for Vueling Airlinestechnical deficiencySpain24/10/2019unknown30,000 €No
Fine due to not naming a DPOno Data Protection OfficerGermany09/12/2019010,000 €No
Hora Credit IFN SA – 14.000 Euro Fineviolated rights of the data subjectRomania10/12/2019unknown14,000 €No
Allseas MARINE S.A. – 15.000 Euro Fineviolated rights of the data subjectGreece31/01/2020unknown15,000 €No
6000 Euro Fine for SC Enel Energie SAviolated rights of the data subjectRomania16/12/2019unknown6,000 €No
Entirly Shipping & Trading SRL – 10.000 Euro Bußgeldviolated rights of the data subjectRomania13/12/2019unknown10,000 €No
Social worker has to pay 482 Eurosviolated rights of the data subjectUnited Kingdom15/01/20202482 €No
Germany: PayTV channel Sky has to pay a 250.000 Euro data protection fineviolated rights of the data subjectGermany23/12/2019> 1.000250,000 €No
Hungary: 1.500 Euro Fine for a healthcare facilityviolated rights of the data subjectHungary12/11/201911,500 €No
Eni gas e luce SpA – 11,5 Mio. Euro data protection fineviolated rights of the data subjectItaly17/01/2020720011,500,000 €Yes
GDPR fine for DSG Retail LtdTheft of DataUnited Kingdom09/01/202014 million587,240 €No
GDPR fine after careless storage of health datainadequate data protectionUnited Kingdom20/12/2019500.000318,563 €Yes
9.5 million Eur fine for 1&1 Telekominadequate data protectionGermany09/12/20199,550,000 €No
Vreau Credit S.R.L fined for not reporting a Data Breachviolated duty to informRomania01/10/2019117720,000 €No
Raiffeisen Bank SA and Vreau Credit S.R.L fined for inadequate data protectioninadequate data protectionRomania01/10/20191177150,000 €No
Poland: Fine for complicate data deletion for affected peopleviolated rights of the data subjectPoland13/11/2019unknown47,000 €No
German real estate company hoards data – A GDPR fine followstechnical deficiencyGermany01/03/2019unknown14,500,000 €No
18 Million Euros GDPR fine for Austrian Post ServiceIllegal data processingAustria29/10/20193 Million18,000,000 €Yes
GDPR Fine for merchantIllegal data collectionBelgium19/09/2019unknown10,000 €No
Punishment against medical companyviolated duty to informAustria22/08/2019unknown50,000 €No
Online-Shop Morele.net – 2.2 Mio. customer records stolenTheft of DataPoland20/09/20192.2 million644,000 €Yes
GDPR fine for the new owner of a food delivery platform in Berlinviolated rights of the data subjectGermany23/09/2019unknown195,407 €No
Hungary: GDPR fine for political partyTheft of DataHungary05/04/20196.000+34,375 €No
Austria: Footballtrainer films naked playersIllegal data collectionAustria01/07/2019unknown11,000 €No
Lithuania: Data Breach at a payment service providerTheft of DataLithuania16/05/20199.00061,500 €Yes
Poland: GDPR penalty for sports associationIllegal data processingPoland25/04/201958512,950 €No
Penalty against private person in GermanyIllegal data processingGermany13/02/20191602,628 €No
Punishment against game websitetechnical deficiencyCzech Republic28/02/2019unknown580 €No
Penalty for denied data subject requestviolated rights of the data subjectCzech Republic26/02/20191770 €No
Penalty against car rentalviolated duty to informCzech Republic04/02/2019unknown1,200 €No
Penalty for missing file shreddingtechnical deficiencyCzech Republic04/02/20193001,200 €No
Penalty for Facebook postsviolated rights of the data subjectCzech Republic10/01/20191400 €No
Penalty for not deleting dataviolated rights of the data subjectCzech Republic25/10/20181400 €No
Penalty for missing deletion deadlinesIllegal data processingDenmark03/06/2019385000201,000 €No
First GDPR penalty in DenmarkIllegal data processingDenmark25/03/20198873333161,000 €No
Penalty against car insurance companytechnical deficiencyFrance18/07/2019144000180,000 €No
Penalty against real estate officetechnical deficiencyFrance28/05/201929440400,000 €No
Fine for late notification of a data breachviolated duty to informGermany01/02/2019unknown20,000 €No
Penalty for processing of personal dataIllegal data processingGreece30/07/2019unknown150,000 €No
Penalty against telephone providerIllegal data processingBulgaria26/02/2019127,000 €No
Punishment against doctor’s officeIllegal data processingBulgaria08/04/20191500 €Yes
Punishment against Bulgarian consulting companyIllegal data processingBulgaria26/03/201915,000 €No
Penalty for denied data disclosureviolated duty to informBulgaria22/02/20191500 €No
Fine against bulgarian bankIllegal data processingBulgaria04/12/20181500 €No
Fine against public utility companyIllegal data processingCzech Republic06/05/20191230 €No
Penalty against Dutch hospitaltechnical deficiencyNetherlands16/07/2019unknown460,000 €No
Fine against restaurantIllegal data collectionAustria23/11/2018unknown400 €No
Fine against fastfood restaurantIllegal data collectionAustria23/11/2018unknown1,800 €No
British Airways faces 20 million EUR GDPR fine after a data breachTheft of DataUnited Kingdom16/10/202050000022,428,000 €Yes
Fine against hospitaltechnical deficiencyCzech Republic30/09/2018unknown1,550 €Yes
Fine against Life at Parliament View LimitedTheft of DataUnited Kingdom19/07/20191861090,000 €No
Fine against European universityIllegal data processingCyprus04/07/2018unknown500 €No
Fine against IkeaIllegal data processingCyprus04/07/2018unknown500 €No
Illegal video surveillanceIllegal data collectionCyprus21/09/2018unknown5,000 €No
Fine because of lost medical recordtechnical deficiencyCyprus15/02/201915,000 €No
Erneut Strafe gegen ZeitungIllegal data processingCyprus09/01/2019210,000 €No
Fine against trading platformIllegal data processingCyprus28/03/201963,400 €No
Fine against insurance companyIllegal data processingCyprus13/03/201984,000 €No
Punishment against MarriottTheft of DataUnited Kingdom30/10/2020339 000 00020,347,230 €No
Punishment against law firmtechnical deficiencyRomania15/07/2019unknown3,000 €No
Italy: Fine for FacebookIllegal data processingItaly01/07/2019214.077 Profiles1,000,000 €No
Fine against Hotel from RomaniaIllegal data processingRomania02/07/20194615,000 €No
Punishment against Unicredit Romaniatechnical deficiencyRomania27/06/2019337 042130,000 €No
Germany: GDPR fine for Police OfficerIllegal data processingGermany18/06/201911,400 €Yes
France: GDPR violance in Consultation Officetechnical deficiencyFrance01/10/2018unknown20,000 €Yes
Spain: Soccer App spies on Fansviolated duty to informSpain12/06/2019unknown250,000 €No
Italy: Energy provider violates GDPRviolated duty to informItaly01/04/20192,018,000 €No
Fine against Restorative Justice CaseworkerIllegal data processingUnited Kingdom06/06/2019unknown680 €No
Belgium: Mayor violates GDPR for voting campaignsIllegal data processingBelgium28/05/2019unknown2,000 €No
Fine against individual in AustriaIllegal data collectionAustria27/09/2018unknown330 €No
Cyprus: GDPR fine for InfocreditIllegal data processingCyprus22/05/2018025,000 €No
City of Bergen was fined 170 000€Theft of DataNorway29/03/201935 000170,000 €Yes
Fine against Sigma Live LtdIllegal data processingCyprus12/04/201915,000 €No
Fine against newspaperIllegal data processingCyprus12/04/201953,000 €No
Fine against bank from germanyIllegal data processingGermany01/01/2019unknown50,000 €No
GDPR fine against Rousseautechnical deficiencyItaly17/04/2019unknown50,000 €No
Punishment for Carphone Warehouse for lack of data protectionTheft of DataUnited Kingdom18/01/20193 348 869460,000 €No
Punishment for mistaken publication of health datatechnical deficiencyGermany12/01/2019unknown80,000 €Yes
ICO fines Bounty Limited UKIllegal data processingUnited Kingdom11/04/201934 267 889465,000 €No
Penalty against Uber (NL)Theft of DataNetherlands27/11/2018174 000600,000 €No
Punishment against True Vision Productionsviolated duty to informUnited Kingdom10/04/20191990140,000 €Yes
Punishment against British Bible SocietyTheft of DataUnited Kingdom31/05/2018417 000115,000 €No
Fine against Bisnode Polskaviolated duty to informPoland26/03/20195 700 000220,000 €No
Punishment for inadmissible video surveillanceIllegal data collectionAustria20/12/2018unknown2,200 €No
Penalty for denied data disclosureviolated duty to informHungary06/03/201913,200 €No
Punishment against Jusos Baden-WürttembergIllegal data processingGermany25/03/20191682,500 €No
Penalty against betting shopIllegal data collectionAustria12/09/2018unknown5,280 €No
Punishment against Uber (FR)Theft of DataFrance19/12/20181 400 000400,000 €No
Punishment against Bouygues Telecomtechnical deficiencyFrance27/12/20182 176 236250,000 €No
Punishment against hospitaltechnical deficiencyPortugal17/07/2018unknown400,000 €Yes
Punishment against UberTheft of DataUnited Kingdom26/11/20182 700 000440,000 €No
Penalty against Facebook IrelandIllegal data processingUnited Kingdom24/10/201887 000 000575,000 €Yes
Punishment against Bupa Insurance Services LtdTheft of DataUnited Kingdom26/09/20181 500 000200,000 €No
Penalty against Equifax Ltdtechnical deficiencyUnited Kingdom19/09/201815 000 000575,000 €No
Punishment against the commission of inquiry against child abuseIllegal data processingUnited Kingdom05/07/201870230,000 €Yes
Punishment against the police of GloucestershireIllegal data processingUnited Kingdom11/06/20185692,000 €Yes
CNIL imposes 50 million penalty over Google LLCviolated duty to informFrance21/01/2019unknown50,000,000 €No
Punishment against Kolibiri ImageIllegal data processingGermany17/12/2018unknown5,000 €No
Punishment against Heathrow Airporttechnical deficiencyUnited Kingdom08/10/201860135,000 €Yes
Penalty against mall groupTheft of DataCzech Republic03/10/2018735 00060,000 €No
Penalty against Optical Centertechnical deficiencyFrance07/06/2018300 000250,000 €Yes
GDPR penalty against knuddels.deTheft of DataGermany22/11/2018330 00020,000 €No

Additional fines

If you have information about a GDPR fine, which is not on our list, please let us know! Name und E-Mail address are optional.

Thank you!

DSGVO Strafe
reCAPTCHA