The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect in the European Union (EU) on May 25, 2018. It provides a uniform set of data protection rules for EU member states and imposes strict penalties on companies and organizations that fail to comply with these rules. In this article, we will take a look at some of the recent GDPR fines that have been levied by data protection authorities in the EU.
- Tecnomed Trento s.r.l. – Italy On April 7, 2022, Tecnomed Trento s.r.l., an Italian company, was fined €10,000 for violating several provisions of the GDPR. The company was found to have non-compliant with general data processing principles, including Articles 5 (1) a), c), 13, 29, and 32 of the GDPR.
- Manager of a real estate co-ownership – Luxembourg On December 13, 2022, the manager of a real estate co-ownership in Luxembourg was fined €1,500 for failing to comply with the GDPR. The manager was found to have insufficient legal basis for data processing, violating Articles 5 (1) a), 6 (1), 12 (3), (4), and 15 (1) b), c) of the GDPR.
- Mister Brick S.a.s. – Italy On August 5, 2022, Mister Brick S.a.s., an Italian company, was fined €1,000 for violating several provisions of the GDPR. The company was found to have insufficient legal basis for data processing, including Articles 5 (2), 6 (1) a), 12 (3), 15, and 24 of the GDPR.
- News service – Hungary On November 15, 2022, a news service in Hungary was fined €5,200 for violating the GDPR. The company was found to have insufficient legal basis for data processing, violating Articles 6 (1), 7 (2), 4), and 12 of the GDPR.
- Rebirth s.r.l. – Italy On April 7, 2022, Rebirth s.r.l., an Italian company, was fined €15,000 for violating several provisions of the GDPR. The company was found to have insufficient fulfilment of information obligations, violating Articles 5 (1) a), 13, 114 of the Italian privacy code, and 157 of the Italian privacy code.
- Direzione Didattica Statale 1° Circolo-Eboli – Italy On April 28, 2022, the Direzione Didattica Statale 1° Circolo-Eboli, an Italian organization, was fined €1,500 for violating several provisions of the GDPR. The organization was found to have insufficient legal basis for data processing, violating Articles 5, 6, 9, 2-ter of the Italian privacy code, and 2-sexies of the Italian privacy code.
- Medijobs Platform SRL – Romania On February 8, 2023, Medijobs Platform SRL, a Romanian company, was fined €5,000 for violating the GDPR. The company was found to have insufficient technical and organizational measures to ensure information security, violating Article 32 (1) b), (2) of the GDPR.
- Comune di Monte Sant’Angelo – Italy On April 28, 2022, the Comune di Monte Sant’Angelo, an Italian organization, was fined €3,000 for violating several provisions of the GDPR. The organization was found to have insufficient legal basis for data processing, violating Articles 5 (1) a), 6 (1) e),