Although the GDPR is a European law, the execution is not uniform but is taken over by the respective data protection authorities of the member states. We would like to give you an overview of all publicly known data protection penalties since May 25, 2018. You can sort the list by clicking on the heading.
Title | Type of Incident | Country | Date | Number of involved data records | GDPR Fine | Sensible Data involved? |
---|---|---|---|---|---|---|
Unauthorized filming of construction workers, neighbors and passers-by | Illegal data collection | Germany | 19/12/2022 | unknown | 4,750 € | No |
Entrepreneur publishes data of employees | Illegal data processing | Germany | 20/06/2022 | unknown | 200 € | No |
1,752,149 Unauthorized advertising calls | Illegal data processing | United Kingdom | 15/02/2023 | 1752149 | 225,161 € | No |
Disclosure of personal data via social media | Illegal data processing | Germany | 29/08/2022 | unknown | 200 € | Yes |
Failure to comply with the duty to provide information | violated rights of the data subject | Germany | 17/01/2022 | unknown | 500 € | Yes |
Excessive processing of visitor data | Illegal data processing | Germany | 31/12/2022 | unknown | 10,000 € | No |
Unauthorized access to medical records of a minor | Illegal data processing | United Kingdom | 17/02/2023 | 1 | 1,278 € | Yes |
Unauthorized disclosure of car accident data | Illegal data processing | United Kingdom | 01/02/2023 | 21 | 5,655 € | Yes |
107 million spam e-mails sent containing personal data | Illegal data processing | United Kingdom | 14/04/2023 | 437324 | 146,992 € | Yes |
Tiktok allowed data processing of 1.4 million under-13s without parental consent | Illegal data processing | United Kingdom | 04/04/2023 | 1400000 | 14,466,340 € | No |
463,360 unauthorized advertising text messages | Illegal data processing | United Kingdom | 14/12/2022 | 463360 | 81,629 € | No |
3,506,157 Unauthorized advertising e-mails and text messages | Illegal data processing | United Kingdom | 14/12/2022 | 3506157 | 145,767 € | No |
1,932 unauthorized advertising calls | Illegal data processing | United Kingdom | 28/11/2022 | 1932 | 23,093 € | No |
99,313 unauthorized advertising calls | Illegal data processing | United Kingdom | 28/11/2022 | 99313 | 98,146 € | No |
348,724 Unauthorized advertising calls to vulnerable persons | Illegal data processing | United Kingdom | 24/08/2022 | 348724 | 166,107 € | No |
21,347 unauthorized advertising calls to homeowners | Illegal data processing | Vereinigtes Königreich | 28/11/2022 | 21347 | 80,826 € | No |
93,558 Unauthorized advertising calls | Illegal data processing | Vereinigtes Königreich | 09/11/2022 | 93558 | 182,286 € | No |
122 unsolicited advertising calls with high number of unreported cases | Illegal data processing | United Kingdom | 19/10/2022 | 122 | 264,389 € | No |
461,062 Unauthorized advertising calls | Illegal data processing | Vereinigtes Königreich | 29/09/2022 | 461062 | 167,626 € | No |
169,830 Unauthorized advertising calls | Illegal data processing | United Kingdom | 18/07/2022 | 169830 | 94,442 € | No |
11,825 unauthorized advertising calls | Illegal data processing | United Kingdom | 30/09/2022 | 11825 | 45,300 € | No |
178,190 Unauthorized advertising calls | Illegal data processing | United Kingdom | 24/05/2022 | 178190 | 116,618 € | No |
Unauthorized sending of 500,000 marketing emails | Illegal data processing | United Kingdom | 02/09/2022 | 500000 | 34,691 € | No |
Health care provider unlawfully accessed patient data | Illegal data processing | United Kingdom | 05/08/2022 | 12 | 3,702 € | Yes |
6,250,966 advertising emails sent without consent | Illegal data processing | Vereinigtes Königreich | 20/04/2022 | 6250966 | 48,213 € | No |
465,235 emails and 40,524 SMS sent without consent | Illegal data processing | United Kingdom | 11/04/2022 | 505759 | 71,691 € | No |
224,550 advertising text messages sent without consent | Illegal data processing | United Kingdom | 06/04/2022 | 224550 | 35,940 € | No |
378,538 advertising text messages sent without consent | Illegal data processing | United Kingdom | 29/03/2022 | 378538 | 94,742 € | No |
39,167 Advertising calls despite objection in the TPS register | Illegal data processing | United Kingdom | 14/03/2022 | 39167 | 119,168 € | No |
Record fine for Facebook for transferring personal data to the U.S. | Illegal data processing | Ireland | 12/05/2023 | unknown | 1,200,000,000 € | Yes |
229,483 Advertising calls despite objection in the TPS register | Illegal data processing | United Kingdom | 14/03/2022 | 229483 | 119,168 € | No |
4,737 Advertising calls despite objection in the TPS register | Illegal data processing | United Kingdom | 11/03/2022 | 4737 | 17,864 € | No |
69,133 Advertising calls despite objection in the TPS register | Illegal data processing | United Kingdom | 14/03/2022 | 69133 | 95,335 € | No |
412,556 Advertising calls despite objection in the TPS register | Illegal data processing | United Kingdom | 21/01/2022 | 412556 | 131,527 € | No |
972,191 files encrypted after ransomware attack | inadequate data protection | United Kingdom | 28/02/2022 | 972191 | 117,295 € | Yes |
E-mail advertising to 215,202 people despite objection | Illegal data processing | United Kingdom | 07/03/2022 | 215202 | 24,206 € | No |
752,425 Advertising text messages without prior consent | Illegal data processing | United Kingdom | 14/02/2022 | 752425 | 59,723 € | No |
29 million advertising text messages sent to data subjects without consent | Illegal data processing | United Kingdom | 07/02/2022 | 29970419 | 100,372 € | No |
675,478 Advertising calls despite objection in the TPS register | Illegal data processing | United Kingdom | 31/01/2022 | 675478 | 240,520 € | No |
Advertising calls despite objection in the TPS register | Illegal data processing | United Kingdom | 18/01/2022 | 1246 | 2,390 € | No |
Unauthorized recording on toilet facility | Illegal data collection | Austria | 25/04/2023 | unknown | 25,000 € | No |
Disregard of the duty to inform after data theft | Theft of Data | Germany | 19/12/2022 | unknown | 9,000 € | No |
Corona contact sheet disposal in the forest | inadequate data protection | Germany | 31/12/2022 | unknown | 500 € | Yes |
personnel plan according to vaccination status | Illegal data processing | Germany | 31/12/2022 | unknown | 20,000 € | Yes |
Improper disposal of customer data and unlawful video surveillance | Illegal data processing | Germany | 31/12/2022 | unknown | 6,500 € | Yes |
Covid-19 test results viewable without authentication | inadequate data protection | Germany | 31/12/2022 | unknown | 2,700 € | Yes |
Refusal to delete data | Cooperation refused | Germany | 31/12/2022 | unknown | 1,000 € | No |
Unlawful disposal of Covid-19 tests | inadequate data protection | Germany | 31/12/2022 | unknown | 1,000 € | Yes |
Disposal of delivery bills in waste paper containers | inadequate data protection | Germany | 31/12/2022 | unknown | 0 € | No |
Recording dashcam in road traffic | Illegal data collection | Germany | 31/12/2022 | unknown | 0 € | No |
Unintentional posting of personal data at Covid-19 test center. | Illegal data processing | Germany | 31/12/2022 | 1 | 1,800 € | Yes |
Inadmissible inspection of land register for purchase offer of building land 2 | Illegal data processing | Germany | 21/09/2022 | unknown | 50,000 € | No |
Inadmissible inspection of land register for offer to purchase building land | Illegal data processing | Germany | 21/09/2022 | unknown | 5,000 € | No |
Conflict of interest of data protection officers | inadequate data protection | Deustschland | 20/09/2022 | unknown | 525,000 € | No |
Evaluation of customer data without legal basis by Hannoversche Volksbank | Illegal data processing | Germany | 28/07/2022 | unknown | 900,000 € | No |
Data protection violations in the use of a service provider to test a driver assistance system at Volkswagen | Illegal data processing | Germany | 26/07/2022 | unknown | 1,100,000 € | No |
Queries from police systems on persons in the family environment | Illegal data processing | Germany | 31/12/2021 | unknown | 1,800 € | No |
Use of the EWO system to determine the address of the ex-partner | Illegal data processing | Germany | 31/12/2021 | 1 | 600 € | No |
Queries from police information systems on colleagues | Illegal data processing | Germany | 31/12/2021 | 1 | 500 € | No |
POLAS query on an online seller for private purposes | Illegal data processing | Germany | 31/12/2021 | 1 | 400 € | No |
Audio and video surveillance of employees, storage for too long, inadequate security measures | Illegal data collection | Germany | 31/12/2021 | unknown | 16,000 € | No |
Inappropriate use of contact tracing lists | Illegal data processing | Germany | 31/12/2021 | unknown | 170 € | No |
Processing of sensitive data of prospective tenants without legal basis | Illegal data processing | Germany | 03/03/2022 | 9500 | 1,900,000 € | Yes |
Transfer of an employee’s health data to over 3,000 customers without a legal basis | Illegal data processing | Germany | 12/01/2021 | 1 | 10,110 € | Yes |
Repeated incorrect sending of doctor’s letters, no logging function for access to patient data | Illegal data processing | Germany | 06/05/2021 | 1 | 105,000 € | Yes |
Making video recordings of young women and girls without legal basis | Illegal data collection | Germany | 10/06/2021 | unknown | 5,000 € | No |
Transfer of customer data despite objection | Illegal data processing | Germany | 16/06/2021 | unknown | 12,500 € | No |
jö Bonus Club | violated rights of the data subject | Austria | 14/01/2022 | unknown | 8,000,000 € | No |
Health data of a kindergarten teacher | Illegal data processing | Austria | 09/10/2022 | 1 | 600 € | Yes |
Storage period exceeded | Illegal data collection | France | 22/07/2021 | several million | 1,750,000 € | Yes |
Delete request ignored | violated rights of the data subject | Spain | 03/08/2021 | 1 | 96,000 € | No |
open contact details | no Data Protection Officer | Germany | 28/01/2021 | unknown | 100 € | No |
Data stored from critics | France. | 28/08/2021 | over 200. | 400,000 € | Yes | |
unwanted advertising cookies. | France. | 29/07/2021 | unknown. | 50,000 € | No | |
Recovery of fictitious debts | violated duty to inform | Spain | 27/07/2021 | 1 | 60,000 € | No |
unencrypted data | inadequate data protection | Italy | 02/08/2021 | unknown | 40,000 € | No |
Insufficient privacy policy | violated duty to inform | Spain | 05/08/2021 | unknown | 6,000 € | No |
Advertising according to COVID-19 Contact form | violated rights of the data subject | Great Britain | 18/05/2021 | 84000 | 9,281 € | No |
E-mail data freely accessible | inadequate data protection | Great Britain | 08/07/2021 | 550 | 29,183 € | Yes |
Too detailed video surveillance | Illegal data processing | Luxembourg | 13/07/2021 | unknown | 12,500 € | No |
Video surveillance of employees customers and passers-by | violated rights of the data subject | Germany | 28/01/2021 | unknown | 9,444 € | No |
Police database abused for private purposes | Germany | 28/01/2021 | unknown | 600 € | Yes | |
Advertising calls without consent | violated rights of the data subject | Germany | 27/02/2021 | unknown | 260,000 € | No |
Online store with outdated software | technical deficiency | Germany | 27/05/2021 | unknown | 65,500 € | No |
unlawful submissions to general practitioners | technical deficiency | Italy | 20/07/2021 | 48 | 120,000 € | Yes |
dentist refuses examination | Illegal data collection | Italy | 10/06/2021 | 1 | 20,000 € | Yes |
11 million unwanted calls | violated rights of the data subject | Great Britain | 25/06/2021 | 316 | 232,693 € | No |
Company denies access to data protection authority | Cooperation refused | Germany | 13/07/2021 | 7,000 € | No | |
Fine against Italian municipality | Illegal data processing | Italy | 17/12/2020 | 1 | 4,000 € | No |
Penalty for video surveillance in swimming facility | Illegal data collection | Germany | 24/03/2020 | unknown. | 12,000 € | No |
GDPR fine after Facebook posting | Illegal data processing | Austria | 19/10/2020 | unknown | 600 € | Yes |
Penalty on computer mail order | Illegal data collection | Germany | 08/01/2021 | unknown | 10,400,000 € | No |
Data protection penalty against Vfb Stuttgart | Illegal data processing | Germany | 10/03/2021 | 70000 | 300,000 € | No |
Ticketmaster UK Limited – hacker attack | Illegal data processing | Great Britain | 13/11/2020 | 9400000 | 1,392,525 € | No |
Digital Growth Experts Limited (DGEL) – promotional emails | Illegal data processing | Great Britain | 22/09/2020 | 16190 | 65,400 € | No |
Reliance Advisory Limited – Advertising calls: 226,403 euro fine | Illegal data processing | Great Britain | 27/11/2020 | 15100000 | 226,403 € | No |
Kebap restaurant must now pay only 1500 euros fine | Illegal data processing | Austria | 19/01/2020 | 1,500 € | No | |
Hora Credit IFN SA – 14,000 euros fine. | Illegal data processing | Romania | 10/12/2019 | 13,000 € | No | |
Penalty against Czech bank. | Illegal data processing | Czech Republic | 01/04/2019 | 1 | 9,700 € | Yes |
Studios MG Ltd – promotional emails with advertising: 43,928.00 EUR penalty | Illegal data processing | Great Britain | 08/10/2020 | 9000 | 43,928 € | No |
35 million DSGVO fine for H&M | Illegal data collection | Germany | 01/10/2020 | unknown | 35,258,708 € | Yes |
€ 100 DSGVO fine for bank branch | Illegal data collection | Austria | 28/05/2020 | 1 | 100 € | No |
GDPR Penalty against Tax Office | Theft of Data | Bulgaria | 16/07/2019 | 5 000 000 | 2,600,000 € | No |
Penalty against Financial Institution in Bulgaria | Illegal data processing | Bulgaria | 24/07/2019 | unknown | 5,100 € | No |
Penalty against Social Security | inadequate data protection | Bulgaria | 24/07/2019 | unknown | 2,500 € | No |
Penalty after Infringement of the Principle of Purpose Limitation | Illegal data processing | Bulgaria | 23/07/2019 | unknown | 5,000 € | No |
Penalty against Bulgarian Municipality | Illegal data processing | Bulgaria | 23/07/2019 | unknown | 7,700 € | No |
Penalty after Cyberattack against Bank | Theft of Data | Bulgaria | 28/08/2019 | 510,000 € | No | |
Data Processing without Legal Basis – Monetary Penalty | Illegal data processing | Bulgaria | 17/01/2020 | 1 | 500 € | No |
Penalty against Ministry of the Interior | Illegal data processing | Bulgaria | 08/10/2019 | 1 | 5,000 € | No |
Request for Information of a Former Employee Ignored | violated rights of the data subject | Bulgaria | 28/10/2019 | 1 | 500 € | No |
Data Disclosure Denied – GDPR Penalty in Bulgaria | violated rights of the data subject | Bulgaria | 03/09/2019 | 1 | 1,800 € | No |
Penalty against Telecommunications Company and Its Managing Directors | Illegal data processing | Bulgaria | 03/09/2019 | 1 | 10,000 € | No |
GDPR Fine Imposed on Tax Office | Illegal data processing | Bulgaria | 03/09/2019 | 1 | 28,000 € | No |
Penalty against City Councillor | Illegal data processing | Belgium | 25/11/2019 | 654 | 5,000 € | No |
Another Penalty against Belgian Mayor | Illegal data processing | Belgium | 25/11/2019 | 476 | 5,000 € | No |
Belgium: Penalty for Incorrect Privacy Policy | violated duty to inform | Belgium | 17/12/2019 | unknown | 15,000 € | No |
Penalty against Nursing Organization | violated rights of the data subject | Belgium | 17/12/2019 | 1 | 2,000 € | No |
Penalty for energy company for illegal telephone advertising | violated rights of the data subject | Germany | 10/12/2018 | Thousands | 300,000 € | No |
Call center fined for unauthorized advertising | violated rights of the data subject | Germany | 18/12/2018 | over 1,400 | 300,000 € | No |
Personal health data accidentally published on the Internet | inadequate data protection | Germany | 06/12/2018 | unknown | 84,000 € | No |
DSGVO penalty for private person | Illegal data processing | Germany | 29/01/2019 | 1 | 119 € | No |
University medical center fined for patient mix-up | inadequate data protection | Germany | 03/12/2019 | 1 | 105,000 € | No |
GDPR fine for Austrian kebab store | Illegal data collection | Austria | 23/11/2018 | unknown | 1,500 € | No |
Penalty for Vodafone Germany for unauthorized advertising calls | violated rights of the data subject | Germany | 02/07/2019 | unknown | 100,000 € | No |
Spain: Fine over 30,000 euros because of cookie banner | technical deficiency | Spain | 24/10/2019 | unknown | 30,000 € | No |
Penalty for lack of data protection officer | violated duty to inform | Germany | 09/12/2019 | 0 | 10,000 € | No |
Hora Credit IFN SA – 14,000 euros fine | violated rights of the data subject | Romania | 10/12/2019 | unknown | 14,000 € | No |
Allseas MARINE S.A. – 15,000 euro fine | violated rights of the data subject | Greece | 31/01/2020 | unknown | 15,000 € | No |
SC Enel Energie SA – 6000 euros fine | violated rights of the data subject | Romania | 16/12/2019 | unknown | 6,000 € | No |
Entirly Shipping & Trading SRL – 10,000 euro fine | violated rights of the data subject | Romania | 13/12/2019 | unknown | 10,000 € | No |
Social worker must pay 482.00 euros | violated rights of the data subject | Great Britain | 15/01/2020 | 2 | 482 € | No |
Sky Deutschland – 250,000 euros fine | violated rights of the data subject | Germany | 23/12/2019 | > 1.000 | 250,000 € | No |
Health facility in Hungary – 1,500 euro fine | violated rights of the data subject | Hungary | 12/11/2019 | 1 | 1,500 € | No |
Eni gas e luce SpA – 11.5 million fine | violated rights of the data subject | Italy | 17/01/2020 | 7200 | 11,500,000 € | Yes |
GDPR fine for DSG Retail Ltd | Theft of Data | United Kingdom | 09/01/2020 | 14 million | 587,240 € | No |
GDPR fine after careless storage of health data | inadequate data protection | United Kingdom | 20/12/2019 | 500.000 | 318,563 € | Yes |
9.5 million Eur fine for 1&1 Telekom | inadequate data protection | Germany | 09/12/2019 | 9,550,000 € | No | |
Vreau Credit S.R.L fined for not reporting a Data Breach | violated duty to inform | Romania | 01/10/2019 | 1177 | 20,000 € | No |
Raiffeisen Bank SA and penalty for inadequate data protection | inadequate data protection | Romania | 01/10/2019 | 1177 | 150,000 € | No |
Complication of the revocation | violated rights of the data subject | Poland | 13/11/2019 | unknown | 47,000 € | No |
Data graveyard: 14.5 million euro fine | technical deficiency | Germany | 01/03/2019 | unknown | 14,500,000 € | No |
Austrian Post: 18 million DSGVO fine | Illegal data processing | Austria | 29/10/2019 | 3 million | 18,000,000 € | Yes |
GDPR Fine for merchant | Illegal data collection | Belgium | 19/09/2019 | unknown | 10,000 € | No |
Punishment against medical company | violated duty to inform | Austria | 22/08/2019 | unknown | 50,000 € | No |
Online store Morele.net – 2.2 million customers affected | Theft of Data | Poland | 20/09/2019 | 2.2 million | 644,000 € | Yes |
DSGVO fine for new owner of Delivery Hero | violated rights of the data subject | Germany | 23/09/2019 | unknown | 195,407 € | No |
Hungary: GDPR fine for political party | Theft of Data | Hungary | 05/04/2019 | 6.000+ | 34,375 € | No |
Austria: Footballtrainer films naked players | Illegal data collection | Austria | 01/07/2019 | unknown | 11,000 € | No |
Lithuania: Data Breach at a payment service provider | Theft of Data | Lithuania | 16/05/2019 | 9.000 | 61,500 € | Yes |
Poland: GDPR penalty for sports association | Illegal data processing | Poland | 25/04/2019 | 585 | 12,950 € | No |
Penalty against private person | Illegal data processing | Germany | 13/02/2019 | 160 | 2,628 € | No |
Penalty against game website | technical deficiency | Czech Republic | 28/02/2019 | unknown | 580 € | No |
Penalty after refusal to provide data | violated rights of the data subject | Czech Republic | 26/02/2019 | 1 | 770 € | No |
Penalty against car rental | violated duty to inform | Czech Republic | 04/02/2019 | unknown | 1,200 € | No |
Penalty for failure to shred files | technical deficiency | Czech Republic | 04/02/2019 | 300 | 1,200 € | No |
Penalty for Facebook posts | violated rights of the data subject | Czech Republic | 10/01/2019 | 1 | 400 € | No |
Penalty for failure to delete data | violated rights of the data subject | Czech Republic | 25/10/2018 | 1 | 400 € | No |
Penalty for missing deletion deadlines | Illegal data processing | Denmark | 03/06/2019 | 385000 | 201,000 € | No |
First GDPR fine in Denmark | Illegal data processing | Denmark | 25/03/2019 | 8873333 | 161,000 € | No |
Penalty against car insurance | technical deficiency | France | 18/07/2019 | 144000 | 180,000 € | No |
Penalty against real estate law firm | technical deficiency | France | 28/05/2019 | 29440 | 400,000 € | No |
Penalty for late notification of a data breach | violated duty to inform | Germany | 01/02/2019 | unknown | 20,000 € | No |
Penalty for processing personal data | Illegal data processing | Greece | 30/07/2019 | unknown | 150,000 € | No |
Penalty against telephone provider | Illegal data processing | Bulgaria | 26/02/2019 | 1 | 27,000 € | No |
Penalty against medical practice | Illegal data processing | Bulgaria | 08/04/2019 | 1 | 500 € | Yes |
Penalty against Bulgarian consulting firm | Illegal data processing | Bulgaria | 26/03/2019 | 1 | 5,000 € | No |
Penalty for refusal to provide data | violated duty to inform | Bulgaria | 22/02/2019 | 1 | 500 € | No |
Penalty against Bulgarian bank | Illegal data processing | Bulgaria | 04/12/2018 | 1 | 500 € | No |
Penalty against public utility | Illegal data processing | Czech Republic | 06/05/2019 | 1 | 230 € | No |
Penalty against Dutch hospital | technical deficiency | Netherlands | 16/07/2019 | unknown | 460,000 € | Yes |
Fine against restaurant | Illegal data collection | Austria | 23/11/2018 | unknown | 400 € | No |
Penalty against kebab restaurant | Illegal data collection | Austria | 23/11/2018 | unknown | 1,800 € | No |
British Airways faces 20 million EUR GDPR fine after a data breach | Theft of Data | United Kingdom | 16/10/2020 | 500000 | 22,428,000 € | Yes |
Penalty against hospital | technical deficiency | Czech Republic | 30/09/2018 | unknown | 1,550 € | Yes |
Penalty against Life at Parliament View Limited | Theft of Data | Great Britain | 19/07/2019 | 18610 | 90,000 € | No |
Penalty against European University | Illegal data processing | Cyprus | 04/07/2018 | unknown | 500 € | No |
Fine against Ikea | Illegal data processing | Cyprus | 04/07/2018 | unknown | 500 € | No |
Unauthorized video surveillance on company premises | Illegal data collection | Cyprus | 21/09/2018 | unknown | 5,000 € | No |
Penalty for lost medical record | technical deficiency | Cyprus | 15/02/2019 | 1 | 5,000 € | No |
Again penalty against newspaper | Illegal data processing | Cyprus | 09/01/2019 | 2 | 10,000 € | No |
Penalty against trading platform | Illegal data processing | Cyprus | 28/03/2019 | 6 | 3,400 € | No |
Penalty against insurance company | Illegal data processing | Cyprus | 13/03/2019 | 8 | 4,000 € | No |
Penalty against Marriott hotel chain | Theft of Data | Great Britain | 30/10/2020 | 20347230 | 20,347,230 € | No |
Penalty against law firm | technical deficiency | Romania | 15/07/2019 | unknown | 3,000 € | No |
Italy: Penalty for Facebook | Illegal data processing | Italy | 01/07/2019 | 57 | 1,000,000 € | No |
Penalty against hotel | Illegal data processing | Romania | 02/07/2019 | 46 | 15,000 € | No |
Penalty against Romanian bank | technical deficiency | Romania | 27/06/2019 | 337 042 | 130,000 € | No |
Germany: DSGVO fine for police officer | Illegal data processing | Germany | 18/06/2019 | 1 | 1,400 € | Yes |
France: GDPR breach in consulting office | technical deficiency | France | 01/10/2018 | unknown | 20,000 € | Yes |
Spain: Soccer App spies on Fans | violated duty to inform | Spain | 12/06/2019 | unknown | 250,000 € | No |
Italy: Energy provider violates GDPR | violated duty to inform | Italy | 01/04/2019 | 2,018,000 € | No | |
Fine against Restorative Justice Caseworker | Illegal data processing | United Kingdom | 06/06/2019 | unknown | 680 € | No |
Belgium: Mayor violates GDPR for voting campaigns | Illegal data processing | Belgium | 28/05/2019 | unknown | 2,000 € | No |
Penalty against private person because of dashcam | Illegal data collection | Austria | 27/09/2018 | unknown | 330 € | No |
Cyprus: GDPR fine for Infocredit | Illegal data processing | Cyprus | 22/05/2018 | 0 | 25,000 € | No |
City of Bergen was fined 170 000€ | Theft of Data | Norway | 29/03/2019 | 35 000 | 170,000 € | Yes |
Penalty against Sigma Live Ltd | Illegal data processing | Cyprus | 12/04/2019 | 1 | 5,000 € | No |
Fine against newspaper | Illegal data processing | Cyprus | 12/04/2019 | 5 | 3,000 € | No |
Penalty against bank | Illegal data processing | Germany | 01/01/2019 | unknown | 50,000 € | No |
Penalty against Rousseau platform | technical deficiency | Italy | 17/04/2019 | unknown | 50,000 € | No |
Penalty for Carphone Warehouse for lack of data protection | Theft of Data | Great Britain | 18/01/2019 | 3 348 869 | 460,000 € | No |
Penalty for erroneous publication of health data | technical deficiency | Germany | 12/01/2019 | unknown | 80,000 € | Yes |
Fine against Bounty Limited | Illegal data processing | Great Britain | 11/04/2019 | 34 267 889 | 465,000 € | No |
Penalty against Uber (NL) | Theft of Data | Netherlands | 27/11/2018 | 174 000 | 600,000 € | No |
Penalty against True Vision Productions | violated duty to inform | Great Britain | 10/04/2019 | 1990 | 140,000 € | Yes |
Penalty against British Bible Society | Theft of Data | Great Britain | 31/05/2018 | 417 000 | 115,000 € | No |
Fine against Bisnode Polska | violated duty to inform | Poland | 26/03/2019 | 5 700 000 | 220,000 € | No |
Penalty for unauthorized video surveillance | Illegal data collection | Austria | 20/12/2018 | unknown | 2,200 € | No |
Penalty for refusal to provide data | violated duty to inform | Hungary | 06/03/2019 | 1 | 3,200 € | No |
Penalty against Jusos Baden-Württemberg | Illegal data processing | Germany | 25/03/2019 | 168 | 2,500 € | No |
Penalty against betting establishment | Illegal data collection | Austria | 12/09/2018 | unknown | 5,280 € | No |
Penalty against Uber (FR) | Theft of Data | France | 19/12/2018 | 1 400 000 | 400,000 € | No |
Penalty against Bouygues Telecom | technical deficiency | France | 27/12/2018 | 2 176 236 | 250,000 € | No |
Penalty against hospital | technical deficiency | Portugal | 17/07/2018 | unknown | 400,000 € | Yes |
Penalty against Uber | Theft of Data | Great Britain | 26/11/2018 | 2 700 000 | 440,000 € | No |
Penalty against Facebook Ireland | Illegal data processing | Great Britain | 24/10/2018 | 87 000 000 | 575,000 € | Yes |
Penalty against Bupa Insurance Services Ltd | Theft of Data | Great Britain | 26/09/2018 | 1 500 000 | 200,000 € | No |
Penalty against Equifax Ltd | technical deficiency | Great Britain | 19/09/2018 | 15 000 000 | 575,000 € | No |
Penalty against the Commission of Inquiry against Child Abuse | Illegal data processing | Great Britain | 05/07/2018 | 70 | 230,000 € | Yes |
Fine against Gloucestershire Police Department | Illegal data processing | Great Britain | 11/06/2018 | 56 | 92,000 € | Yes |
CNIL imposes 50 million fine on Google | violated duty to inform | France | 21/01/2019 | unknown | 50,000,000 € | No |
Penalty against Kolibiri Image | Illegal data processing | Germany | 17/12/2018 | unknown | 5,000 € | No |
Penalty against Heathrow Airport | technical deficiency | Great Britain | 08/10/2018 | 60 | 135,000 € | Yes |
Penalty against Mall Group | Theft of Data | Czech Republic | 03/10/2018 | 735 000 | 60,000 € | No |
Penalty against Optical Center | technical deficiency | France | 07/06/2018 | 300 000 | 250,000 € | Yes |
DSGVO penalty against knuddels.de | Theft of Data | Germany | 22/11/2018 | 330 000 | 20,000 € | No |
You know more?
If you know of a GDPR penalty that is not on our list, you can send us a message. Please provide a source. Name and email address are optional
Thank you very much!