easyGDPR

We make implementing General Data Protection Regulation Easy

Although the GDPR is a European law, the execution is not uniform but is taken over by the respective data protection authorities of the member states. We would like to give you an overview of all publicly known data protection penalties since May 25, 2018. You can sort the list by clicking on the heading.

TitleType of IncidentCountryDateNumber of involved data recordsGDPR FineSensible Data involved?
Unauthorized filming of construction workers, neighbors and passers-byIllegal data collectionGermany19/12/2022unknown4,750 €No
Entrepreneur publishes data of employeesIllegal data processingGermany20/06/2022unknown200 €No
1,752,149 Unauthorized advertising callsIllegal data processingUnited Kingdom15/02/20231752149225,161 €No
Disclosure of personal data via social mediaIllegal data processingGermany29/08/2022unknown200 €Yes
Failure to comply with the duty to provide informationviolated rights of the data subjectGermany17/01/2022unknown500 €Yes
Excessive processing of visitor dataIllegal data processingGermany31/12/2022unknown10,000 €No
Unauthorized access to medical records of a minorIllegal data processingUnited Kingdom17/02/202311,278 €Yes
Unauthorized disclosure of car accident dataIllegal data processingUnited Kingdom01/02/2023215,655 €Yes
107 million spam e-mails sent containing personal dataIllegal data processingUnited Kingdom14/04/2023437324146,992 €Yes
Tiktok allowed data processing of 1.4 million under-13s without parental consentIllegal data processingUnited Kingdom04/04/2023140000014,466,340 €No
463,360 unauthorized advertising text messagesIllegal data processingUnited Kingdom14/12/202246336081,629 €No
3,506,157 Unauthorized advertising e-mails and text messagesIllegal data processingUnited Kingdom14/12/20223506157145,767 €No
1,932 unauthorized advertising callsIllegal data processingUnited Kingdom28/11/2022193223,093 €No
99,313 unauthorized advertising callsIllegal data processingUnited Kingdom28/11/20229931398,146 €No
348,724 Unauthorized advertising calls to vulnerable personsIllegal data processingUnited Kingdom24/08/2022348724166,107 €No
21,347 unauthorized advertising calls to homeownersIllegal data processingVereinigtes Königreich28/11/20222134780,826 €No
93,558 Unauthorized advertising callsIllegal data processingVereinigtes Königreich09/11/202293558182,286 €No
122 unsolicited advertising calls with high number of unreported casesIllegal data processingUnited Kingdom19/10/2022122264,389 €No
461,062 Unauthorized advertising callsIllegal data processingVereinigtes Königreich29/09/2022461062167,626 €No
169,830 Unauthorized advertising callsIllegal data processingUnited Kingdom18/07/202216983094,442 €No
11,825 unauthorized advertising callsIllegal data processingUnited Kingdom30/09/20221182545,300 €No
178,190 Unauthorized advertising callsIllegal data processingUnited Kingdom24/05/2022178190116,618 €No
Unauthorized sending of 500,000 marketing emailsIllegal data processingUnited Kingdom02/09/202250000034,691 €No
Health care provider unlawfully accessed patient dataIllegal data processingUnited Kingdom05/08/2022123,702 €Yes
6,250,966 advertising emails sent without consentIllegal data processingVereinigtes Königreich20/04/2022625096648,213 €No
465,235 emails and 40,524 SMS sent without consentIllegal data processingUnited Kingdom11/04/202250575971,691 €No
224,550 advertising text messages sent without consentIllegal data processingUnited Kingdom06/04/202222455035,940 €No
378,538 advertising text messages sent without consentIllegal data processingUnited Kingdom29/03/202237853894,742 €No
39,167 Advertising calls despite objection in the TPS registerIllegal data processingUnited Kingdom14/03/202239167119,168 €No
Record fine for Facebook for transferring personal data to the U.S.Illegal data processingIreland12/05/2023unknown1,200,000,000 €Yes
229,483 Advertising calls despite objection in the TPS registerIllegal data processingUnited Kingdom14/03/2022229483119,168 €No
4,737 Advertising calls despite objection in the TPS registerIllegal data processingUnited Kingdom11/03/2022473717,864 €No
69,133 Advertising calls despite objection in the TPS registerIllegal data processingUnited Kingdom14/03/20226913395,335 €No
412,556 Advertising calls despite objection in the TPS registerIllegal data processingUnited Kingdom21/01/2022412556131,527 €No
972,191 files encrypted after ransomware attackinadequate data protectionUnited Kingdom28/02/2022972191117,295 €Yes
E-mail advertising to 215,202 people despite objectionIllegal data processingUnited Kingdom07/03/202221520224,206 €No
752,425 Advertising text messages without prior consentIllegal data processingUnited Kingdom14/02/202275242559,723 €No
29 million advertising text messages sent to data subjects without consentIllegal data processingUnited Kingdom07/02/202229970419100,372 €No
675,478 Advertising calls despite objection in the TPS registerIllegal data processingUnited Kingdom31/01/2022675478240,520 €No
Advertising calls despite objection in the TPS registerIllegal data processingUnited Kingdom18/01/202212462,390 €No
Unauthorized recording on toilet facilityIllegal data collectionAustria25/04/2023unknown25,000 €No
Disregard of the duty to inform after data theftTheft of DataGermany19/12/2022unknown9,000 €No
Corona contact sheet disposal in the forestinadequate data protectionGermany31/12/2022unknown500 €Yes
personnel plan according to vaccination statusIllegal data processingGermany31/12/2022unknown20,000 €Yes
Improper disposal of customer data and unlawful video surveillanceIllegal data processingGermany31/12/2022unknown6,500 €Yes
Covid-19 test results viewable without authenticationinadequate data protectionGermany31/12/2022unknown2,700 €Yes
Refusal to delete dataCooperation refusedGermany31/12/2022unknown1,000 €No
Unlawful disposal of Covid-19 testsinadequate data protectionGermany31/12/2022unknown1,000 €Yes
Disposal of delivery bills in waste paper containersinadequate data protectionGermany31/12/2022unknown0 €No
Recording dashcam in road trafficIllegal data collectionGermany31/12/2022unknown0 €No
Unintentional posting of personal data at Covid-19 test center.Illegal data processingGermany31/12/202211,800 €Yes
Inadmissible inspection of land register for purchase offer of building land 2Illegal data processingGermany21/09/2022unknown50,000 €No
Inadmissible inspection of land register for offer to purchase building landIllegal data processingGermany21/09/2022unknown5,000 €No
Conflict of interest of data protection officersinadequate data protectionDeustschland20/09/2022unknown525,000 €No
Evaluation of customer data without legal basis by Hannoversche VolksbankIllegal data processingGermany28/07/2022unknown900,000 €No
Data protection violations in the use of a service provider to test a driver assistance system at VolkswagenIllegal data processingGermany26/07/2022unknown1,100,000 €No
Queries from police systems on persons in the family environmentIllegal data processingGermany31/12/2021unknown1,800 €No
Use of the EWO system to determine the address of the ex-partnerIllegal data processingGermany31/12/20211600 €No
Queries from police information systems on colleaguesIllegal data processingGermany31/12/20211500 €No
POLAS query on an online seller for private purposesIllegal data processingGermany31/12/20211400 €No
Audio and video surveillance of employees, storage for too long, inadequate security measuresIllegal data collectionGermany31/12/2021unknown16,000 €No
Inappropriate use of contact tracing listsIllegal data processingGermany31/12/2021unknown170 €No
Processing of sensitive data of prospective tenants without legal basisIllegal data processingGermany03/03/202295001,900,000 €Yes
Transfer of an employee’s health data to over 3,000 customers without a legal basisIllegal data processingGermany12/01/2021110,110 €Yes
Repeated incorrect sending of doctor’s letters, no logging function for access to patient dataIllegal data processingGermany06/05/20211105,000 €Yes
Making video recordings of young women and girls without legal basisIllegal data collectionGermany10/06/2021unknown5,000 €No
Transfer of customer data despite objectionIllegal data processingGermany16/06/2021unknown12,500 €No
jö Bonus Clubviolated rights of the data subjectAustria14/01/2022unknown8,000,000 €No
Health data of a kindergarten teacherIllegal data processingAustria09/10/20221600 €Yes
Storage period exceededIllegal data collectionFrance22/07/2021several million1,750,000 €Yes
Delete request ignoredviolated rights of the data subjectSpain03/08/2021196,000 €No
open contact detailsno Data Protection OfficerGermany28/01/2021unknown100 €No
Data stored from criticsFrance.28/08/2021over 200.400,000 €Yes
unwanted advertising cookies.France.29/07/2021unknown.50,000 €No
Recovery of fictitious debtsviolated duty to informSpain27/07/2021160,000 €No
unencrypted datainadequate data protectionItaly02/08/2021unknown40,000 €No
Insufficient privacy policyviolated duty to informSpain05/08/2021unknown6,000 €No
Advertising according to COVID-19 Contact formviolated rights of the data subjectGreat Britain18/05/2021840009,281 €No
E-mail data freely accessibleinadequate data protectionGreat Britain08/07/202155029,183 €Yes
Too detailed video surveillanceIllegal data processingLuxembourg13/07/2021unknown12,500 €No
Video surveillance of employees customers and passers-byviolated rights of the data subjectGermany28/01/2021unknown9,444 €No
Police database abused for private purposesGermany28/01/2021unknown600 €Yes
Advertising calls without consentviolated rights of the data subjectGermany27/02/2021unknown260,000 €No
Online store with outdated softwaretechnical deficiencyGermany27/05/2021unknown65,500 €No
unlawful submissions to general practitionerstechnical deficiencyItaly20/07/202148120,000 €Yes
dentist refuses examinationIllegal data collectionItaly10/06/2021120,000 €Yes
11 million unwanted callsviolated rights of the data subjectGreat Britain25/06/2021316232,693 €No
Company denies access to data protection authorityCooperation refusedGermany13/07/20217,000 €No
Fine against Italian municipalityIllegal data processingItaly17/12/202014,000 €No
Penalty for video surveillance in swimming facilityIllegal data collectionGermany24/03/2020unknown.12,000 €No
GDPR fine after Facebook postingIllegal data processingAustria19/10/2020unknown600 €Yes
Penalty on computer mail orderIllegal data collectionGermany08/01/2021unknown10,400,000 €No
Data protection penalty against Vfb StuttgartIllegal data processingGermany10/03/202170000300,000 €No
Ticketmaster UK Limited – hacker attackIllegal data processingGreat Britain13/11/202094000001,392,525 €No
Digital Growth Experts Limited (DGEL) – promotional emailsIllegal data processingGreat Britain22/09/20201619065,400 €No
Reliance Advisory Limited – Advertising calls: 226,403 euro fineIllegal data processingGreat Britain27/11/202015100000226,403 €No
Kebap restaurant must now pay only 1500 euros fineIllegal data processingAustria19/01/20201,500 €No
Hora Credit IFN SA – 14,000 euros fine.Illegal data processingRomania10/12/201913,000 €No
Penalty against Czech bank.Illegal data processingCzech Republic01/04/201919,700 €Yes
Studios MG Ltd – promotional emails with advertising: 43,928.00 EUR penaltyIllegal data processingGreat Britain08/10/2020900043,928 €No
35 million DSGVO fine for H&MIllegal data collectionGermany01/10/2020unknown35,258,708 €Yes
€ 100 DSGVO fine for bank branchIllegal data collectionAustria28/05/20201100 €No
GDPR Penalty against Tax OfficeTheft of DataBulgaria16/07/20195 000 0002,600,000 €No
Penalty against Financial Institution in BulgariaIllegal data processingBulgaria24/07/2019unknown5,100 €No
Penalty against Social Securityinadequate data protectionBulgaria24/07/2019unknown2,500 €No
Penalty after Infringement of the Principle of Purpose LimitationIllegal data processingBulgaria23/07/2019unknown5,000 €No
Penalty against Bulgarian MunicipalityIllegal data processingBulgaria23/07/2019unknown7,700 €No
Penalty after Cyberattack against BankTheft of DataBulgaria28/08/2019510,000 €No
Data Processing without Legal Basis – Monetary PenaltyIllegal data processingBulgaria17/01/20201500 €No
Penalty against Ministry of the InteriorIllegal data processingBulgaria08/10/201915,000 €No
Request for Information of a Former Employee Ignoredviolated rights of the data subjectBulgaria28/10/20191500 €No
Data Disclosure Denied – GDPR Penalty in Bulgariaviolated rights of the data subjectBulgaria03/09/201911,800 €No
Penalty against Telecommunications Company and Its Managing DirectorsIllegal data processingBulgaria03/09/2019110,000 €No
GDPR Fine Imposed on Tax OfficeIllegal data processingBulgaria03/09/2019128,000 €No
Penalty against City CouncillorIllegal data processingBelgium25/11/20196545,000 €No
Another Penalty against Belgian MayorIllegal data processingBelgium25/11/20194765,000 €No
Belgium: Penalty for Incorrect Privacy Policyviolated duty to informBelgium17/12/2019unknown15,000 €No
Penalty against Nursing Organizationviolated rights of the data subjectBelgium17/12/201912,000 €No
Penalty for energy company for illegal telephone advertisingviolated rights of the data subjectGermany10/12/2018Thousands300,000 €No
Call center fined for unauthorized advertisingviolated rights of the data subjectGermany18/12/2018over 1,400300,000 €No
Personal health data accidentally published on the Internetinadequate data protectionGermany06/12/2018unknown84,000 €No
DSGVO penalty for private personIllegal data processingGermany29/01/20191119 €No
University medical center fined for patient mix-upinadequate data protectionGermany03/12/20191105,000 €No
GDPR fine for Austrian kebab storeIllegal data collectionAustria23/11/2018unknown1,500 €No
Penalty for Vodafone Germany for unauthorized advertising callsviolated rights of the data subjectGermany02/07/2019unknown100,000 €No
Spain: Fine over 30,000 euros because of cookie bannertechnical deficiencySpain24/10/2019unknown30,000 €No
Penalty for lack of data protection officerviolated duty to informGermany09/12/2019010,000 €No
Hora Credit IFN SA – 14,000 euros fineviolated rights of the data subjectRomania10/12/2019unknown14,000 €No
Allseas MARINE S.A. – 15,000 euro fineviolated rights of the data subjectGreece31/01/2020unknown15,000 €No
SC Enel Energie SA – 6000 euros fineviolated rights of the data subjectRomania16/12/2019unknown6,000 €No
Entirly Shipping & Trading SRL – 10,000 euro fineviolated rights of the data subjectRomania13/12/2019unknown10,000 €No
Social worker must pay 482.00 eurosviolated rights of the data subjectGreat Britain15/01/20202482 €No
Sky Deutschland – 250,000 euros fineviolated rights of the data subjectGermany23/12/2019> 1.000250,000 €No
Health facility in Hungary – 1,500 euro fineviolated rights of the data subjectHungary12/11/201911,500 €No
Eni gas e luce SpA – 11.5 million fineviolated rights of the data subjectItaly17/01/2020720011,500,000 €Yes
GDPR fine for DSG Retail LtdTheft of DataUnited Kingdom09/01/202014 million587,240 €No
GDPR fine after careless storage of health datainadequate data protectionUnited Kingdom20/12/2019500.000318,563 €Yes
9.5 million Eur fine for 1&1 Telekominadequate data protectionGermany09/12/20199,550,000 €No
Vreau Credit S.R.L fined for not reporting a Data Breachviolated duty to informRomania01/10/2019117720,000 €No
Raiffeisen Bank SA and penalty for inadequate data protectioninadequate data protectionRomania01/10/20191177150,000 €No
Complication of the revocationviolated rights of the data subjectPoland13/11/2019unknown47,000 €No
Data graveyard: 14.5 million euro finetechnical deficiencyGermany01/03/2019unknown14,500,000 €No
Austrian Post: 18 million DSGVO fineIllegal data processingAustria29/10/20193 million18,000,000 €Yes
GDPR Fine for merchantIllegal data collectionBelgium19/09/2019unknown10,000 €No
Punishment against medical companyviolated duty to informAustria22/08/2019unknown50,000 €No
Online store Morele.net – 2.2 million customers affectedTheft of DataPoland20/09/20192.2 million644,000 €Yes
DSGVO fine for new owner of Delivery Heroviolated rights of the data subjectGermany23/09/2019unknown195,407 €No
Hungary: GDPR fine for political partyTheft of DataHungary05/04/20196.000+34,375 €No
Austria: Footballtrainer films naked playersIllegal data collectionAustria01/07/2019unknown11,000 €No
Lithuania: Data Breach at a payment service providerTheft of DataLithuania16/05/20199.00061,500 €Yes
Poland: GDPR penalty for sports associationIllegal data processingPoland25/04/201958512,950 €No
Penalty against private personIllegal data processingGermany13/02/20191602,628 €No
Penalty against game websitetechnical deficiencyCzech Republic28/02/2019unknown580 €No
Penalty after refusal to provide dataviolated rights of the data subjectCzech Republic26/02/20191770 €No
Penalty against car rentalviolated duty to informCzech Republic04/02/2019unknown1,200 €No
Penalty for failure to shred filestechnical deficiencyCzech Republic04/02/20193001,200 €No
Penalty for Facebook postsviolated rights of the data subjectCzech Republic10/01/20191400 €No
Penalty for failure to delete dataviolated rights of the data subjectCzech Republic25/10/20181400 €No
Penalty for missing deletion deadlinesIllegal data processingDenmark03/06/2019385000201,000 €No
First GDPR fine in DenmarkIllegal data processingDenmark25/03/20198873333161,000 €No
Penalty against car insurancetechnical deficiencyFrance18/07/2019144000180,000 €No
Penalty against real estate law firmtechnical deficiencyFrance28/05/201929440400,000 €No
Penalty for late notification of a data breachviolated duty to informGermany01/02/2019unknown20,000 €No
Penalty for processing personal dataIllegal data processingGreece30/07/2019unknown150,000 €No
Penalty against telephone providerIllegal data processingBulgaria26/02/2019127,000 €No
Penalty against medical practiceIllegal data processingBulgaria08/04/20191500 €Yes
Penalty against Bulgarian consulting firmIllegal data processingBulgaria26/03/201915,000 €No
Penalty for refusal to provide dataviolated duty to informBulgaria22/02/20191500 €No
Penalty against Bulgarian bankIllegal data processingBulgaria04/12/20181500 €No
Penalty against public utilityIllegal data processingCzech Republic06/05/20191230 €No
Penalty against Dutch hospitaltechnical deficiencyNetherlands16/07/2019unknown460,000 €Yes
Fine against restaurantIllegal data collectionAustria23/11/2018unknown400 €No
Penalty against kebab restaurantIllegal data collectionAustria23/11/2018unknown1,800 €No
British Airways faces 20 million EUR GDPR fine after a data breachTheft of DataUnited Kingdom16/10/202050000022,428,000 €Yes
Penalty against hospitaltechnical deficiencyCzech Republic30/09/2018unknown1,550 €Yes
Penalty against Life at Parliament View LimitedTheft of DataGreat Britain19/07/20191861090,000 €No
Penalty against European UniversityIllegal data processingCyprus04/07/2018unknown500 €No
Fine against IkeaIllegal data processingCyprus04/07/2018unknown500 €No
Unauthorized video surveillance on company premisesIllegal data collectionCyprus21/09/2018unknown5,000 €No
Penalty for lost medical recordtechnical deficiencyCyprus15/02/201915,000 €No
Again penalty against newspaperIllegal data processingCyprus09/01/2019210,000 €No
Penalty against trading platformIllegal data processingCyprus28/03/201963,400 €No
Penalty against insurance companyIllegal data processingCyprus13/03/201984,000 €No
Penalty against Marriott hotel chainTheft of DataGreat Britain30/10/20202034723020,347,230 €No
Penalty against law firmtechnical deficiencyRomania15/07/2019unknown3,000 €No
Italy: Penalty for FacebookIllegal data processingItaly01/07/2019571,000,000 €No
Penalty against hotelIllegal data processingRomania02/07/20194615,000 €No
Penalty against Romanian banktechnical deficiencyRomania27/06/2019337 042130,000 €No
Germany: DSGVO fine for police officerIllegal data processingGermany18/06/201911,400 €Yes
France: GDPR breach in consulting officetechnical deficiencyFrance01/10/2018unknown20,000 €Yes
Spain: Soccer App spies on Fansviolated duty to informSpain12/06/2019unknown250,000 €No
Italy: Energy provider violates GDPRviolated duty to informItaly01/04/20192,018,000 €No
Fine against Restorative Justice CaseworkerIllegal data processingUnited Kingdom06/06/2019unknown680 €No
Belgium: Mayor violates GDPR for voting campaignsIllegal data processingBelgium28/05/2019unknown2,000 €No
Penalty against private person because of dashcamIllegal data collectionAustria27/09/2018unknown330 €No
Cyprus: GDPR fine for InfocreditIllegal data processingCyprus22/05/2018025,000 €No
City of Bergen was fined 170 000€Theft of DataNorway29/03/201935 000170,000 €Yes
Penalty against Sigma Live LtdIllegal data processingCyprus12/04/201915,000 €No
Fine against newspaperIllegal data processingCyprus12/04/201953,000 €No
Penalty against bankIllegal data processingGermany01/01/2019unknown50,000 €No
Penalty against Rousseau platformtechnical deficiencyItaly17/04/2019unknown50,000 €No
Penalty for Carphone Warehouse for lack of data protectionTheft of DataGreat Britain18/01/20193 348 869460,000 €No
Penalty for erroneous publication of health datatechnical deficiencyGermany12/01/2019unknown80,000 €Yes
Fine against Bounty LimitedIllegal data processingGreat Britain11/04/201934 267 889465,000 €No
Penalty against Uber (NL)Theft of DataNetherlands27/11/2018174 000600,000 €No
Penalty against True Vision Productionsviolated duty to informGreat Britain10/04/20191990140,000 €Yes
Penalty against British Bible SocietyTheft of DataGreat Britain31/05/2018417 000115,000 €No
Fine against Bisnode Polskaviolated duty to informPoland26/03/20195 700 000220,000 €No
Penalty for unauthorized video surveillanceIllegal data collectionAustria20/12/2018unknown2,200 €No
Penalty for refusal to provide dataviolated duty to informHungary06/03/201913,200 €No
Penalty against Jusos Baden-WürttembergIllegal data processingGermany25/03/20191682,500 €No
Penalty against betting establishmentIllegal data collectionAustria12/09/2018unknown5,280 €No
Penalty against Uber (FR)Theft of DataFrance19/12/20181 400 000400,000 €No
Penalty against Bouygues Telecomtechnical deficiencyFrance27/12/20182 176 236250,000 €No
Penalty against hospitaltechnical deficiencyPortugal17/07/2018unknown400,000 €Yes
Penalty against UberTheft of DataGreat Britain26/11/20182 700 000440,000 €No
Penalty against Facebook IrelandIllegal data processingGreat Britain24/10/201887 000 000575,000 €Yes
Penalty against Bupa Insurance Services LtdTheft of DataGreat Britain26/09/20181 500 000200,000 €No
Penalty against Equifax Ltdtechnical deficiencyGreat Britain19/09/201815 000 000575,000 €No
Penalty against the Commission of Inquiry against Child AbuseIllegal data processingGreat Britain05/07/201870230,000 €Yes
Fine against Gloucestershire Police DepartmentIllegal data processingGreat Britain11/06/20185692,000 €Yes
CNIL imposes 50 million fine on Googleviolated duty to informFrance21/01/2019unknown50,000,000 €No
Penalty against Kolibiri ImageIllegal data processingGermany17/12/2018unknown5,000 €No
Penalty against Heathrow Airporttechnical deficiencyGreat Britain08/10/201860135,000 €Yes
Penalty against Mall GroupTheft of DataCzech Republic03/10/2018735 00060,000 €No
Penalty against Optical Centertechnical deficiencyFrance07/06/2018300 000250,000 €Yes
DSGVO penalty against knuddels.deTheft of DataGermany22/11/2018330 00020,000 €No

You know more?

If you know of a GDPR penalty that is not on our list, you can send us a message. Please provide a source. Name and email address are optional

Thank you very much!

DSGVO Strafe
reCAPTCHA