Fines according to DSGVO in Germany

The various provisions of the General Data Protection Regulation set out fines for data protection violations. Fines can amount to up to 20 million euros or, for companies, up to four percent of global annual turnover, whichever is higher.

The competent supervisory authorities are responsible for assessing, prosecuting and punishing data protection violations. In particular, the Federal Data Protection Commissioner and the data protection commissioners of the German states are responsible for imposing fines.

Fines 2021 – August 2023 from EUR 50,000
(Reference: Website of the respective supervisory authority)

Date of the decision: 2.8.2023

Addressee: Humboldt Forum Service GmbH

Amount of the fine: 215,000 EUR

Authority: Berlin Commissioner for Data Protection and Freedom of Information

Provisions DSGVO: Art. 9 para. 1, Art. 6

Facts: list with personal data on employees in probationary period (3 further fines totaling EUR 40,000 for lack of involvement of the data protection officer)

Date of the decision: 15.6.2023

Addressee: Mail order company

Amount of the fine: 50,000 EUR

Authority: State Commissioner for Data Protection of Lower Saxony

Provisions DSGVO: Art. 21, Art. 15

Facts of the case: e-mail newsletter without unsubscribe option, failure to provide a data subject with requested information

Date of the notice: 31.5.2023

Addressee: Unknown Berlin bank

Amount of the fine: EUR 300,000

Authority: Berlin Commissioner for Data Protection and Freedom of Information

Provisions DSGVO: Art. 9 para. 1, Art. 25 para. 2, Art. 7 para. 3, Art. 13 para. 1 lit. c

Subject matter: Lack of transparency in automated decision making

Date of the decision: 18.10.2022

Addressee: Corona test station

Amount of the fine: 52,500 EUR

Authority: Berlin Commissioner for Data Protection and Freedom of Information

Provisions DSGVO: Art. 22 para. 3, Art. 5 para. 1 lit. a, Art. 15 para. 1

Facts: Mandatory information on nationality, lack of data protection notice

Date of the decision: 21.9.2022

Addressee: Unknown construction company

Amount of the fine: 50,000 EUR

Authority: State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Provisions DSGVO: Art. 6 para. 1, Art. 14

Subject matter: Submission of purchase offers without information and disclosure of the origin of the data, in particular regarding the owner’s position

Date of the decision: 20.9.2022

Addressee: Subsidiary of an e-commerce group

Amount of the fine: EUR 525,000

Authority: Berlin Commissioner for Data Protection and Freedom of Information

Provisions DSGVO: Art. 38 para. 6 p. 2

Facts: Conflict of interest of the company data protection officer

Date of decision: 28.7.2022

Addressee: Hannoversche Volksbank

Amount of the fine: EUR 900,000

Authority: State Commissioner for Data Protection of Lower Saxony

Provisions DSGVO: Art. 6 para. 1 lit. f

Subject matter: Evaluation of data of current and former customers for profiling for advertising purposes

Date of the decision: 26.7.2022

Addressee: Volkswagen AG

Amount of the fine: EUR 1.1 million

Authority: State Commissioner for Data Protection of Lower Saxony

Provisions DSGVO: Art. 13, Art. 28, Art. 35, Art. 30

Subject matter: Records in the context of research drives for driving assistance systems

Date of the decision: 10.3.2022

Addressee: VfB Stuttgart

Amount of the fine: 300,000 EUR

Authority: State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Provisions DSGVO: Art. 5 para. 2

Facts: Violation of accountability under data protection law by transferring personal data to a service provider without naming the purpose and legal basis

Date of the decision: 3.3.2022

Addressee: Brebau GmbH

Amount of the fine: EUR 1.9 million

Authority: State Commissioner for Data Protection and Freedom of Information of the Free Hanseatic City of Bremen

Provisions DSGVO: Art. 6 (1), Art. 5 (1), Art. 9 (1), Art. 12 (1), Art. 15

Facts: Processing of data on prospective tenants without legal basis

Date of the decision: 3.1.2022

Addressee: Unknown company

Amount of the fine: 75,000 EUR

Authority: Saarland Independent Data Protection Center

Provisions DSGVO: Art. 5 para. 1 lit. a, Art. 6 para. 1

Facts: Inadmissible sending of advertising by e-mail and inadmissible tracking

Date of the decision: 24.9.2021

Addressee: Vattenfall Europe Sales GmbH

Amount of the fine: EUR 901,389

Authority: Hamburg Commissioner for Data Protection and Freedom of Information

Provisions DSGVO: Art. 12, 13

Facts: Matching and evaluation of contract inquiries without proper information about the evaluation, violation of transparency obligations

Date of the decision: 6.5.2021

Addressee: Healthcare company

Amount of the fine: 105,000 EUR

Authority: Hamburg Commissioner for Data Protection and Freedom of Information

Provisions DSGVO: Art. 32 para. 1

Facts: Incorrect sending of doctor’s letters (data breach)

Date of decision: 4.1.2021

Addressee: Callcenter it! GmbH & Co. KG

Amount of fine: 145,000 EUR

Authority: Federal Network Agency

Provisions: Section 7 (2) no. 2 and no. 3 of the German Unfair Competition Act (UWG)

Facts: Unauthorized telephone advertising

Date of decision: 8.1.2021 (publication)

Addressee: notebooksbilliger.de AG

Amount of fine: EUR 10.4 million

Authority: State Commissioner for Data Protection of Lower Saxony

Provisions DSGVO: Art. 6 para. 1

Facts: Unauthorized video surveillance of employees

Date of the decision: 17.2.2021

Addressee: mivolta GmbH

Amount of fine: EUR 250,000

Authority: Federal Network Agency

Provisions: Section 7 (2) no. 2 and no. 3 of the German Unfair Competition Act (UWG)

Facts: Call center made advertising calls without effective consent

Date of decision: 17.2.2022

Addressee: KiKxxl GmbH

Amount of the fine: 260,000 EUR

Authority: Federal Network Agency

Provisions: Section 7 (2) no. 2 and no. 3 of the German Unfair Competition Act (UWG)

Facts: Energy supplier allowed advertising calls to be made without effective consent

Prof. Dr. Frank Tapella
