Company – €20,000 Fine (Belgium, 2025)

€20,000Autorité de Protection des Données22 April 2025Belgium
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Belgian company was fined EUR 20,000 for not following data protection rules while doing direct marketing. They failed to have a valid reason for using people's data and didn't inform them properly. This case highlights the importance of being transparent and having a legal basis when handling personal information.

What happened

The Belgian DPA fined a company for not having a valid legal basis for processing personal data during direct marketing activities.

Who was affected

People whose personal data was used by the company for marketing without proper consent.

What the authority found

The authority found that the company violated multiple data processing principles under GDPR, including failing to inform users and lacking a valid legal basis.

Why this matters

This ruling shows that companies must take data protection seriously, especially in marketing. It serves as a reminder for businesses to ensure they have clear consent and transparency when using personal data.

GDPR Articles Cited

AI-verified

Art. 5(1)(a) GDPR
Art. 6(1) GDPR
Art. 12(1) GDPR
Art. 14(1) GDPR
Art. 15(1)(c) GDPR
Art. 24(1) GDPR
Art. 25(1) GDPR
View original scraped data
Art. 5(1) a) GDPR
(2) GDPR
Art. 6(1) GDPR
Art. 12(1) GDPR
Art. 14(1) GDPR
Art. 15(1) c) GDPR
d)
g)
Art. 24(1) GDPR
Art. 25(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 13 March 2026
verified correct
Belgium enforcementAutorité de Protection des Données actionsAll Company actions
Full Legal Summary
Detailed

The Belgian DPA imposed a fine of EUR 20,000 on a company. The controller is a company engaging in direct marketing activities. During those activies the company failed to comply with multiple data processing principle. In particular the company had no sufficient legal basis for the data processing, failed to inform the data subjects and failed to provide data subjects with lawfully requested informations.

Related Enforcement Actions (2)

Other enforcement actions involving Company in BE

Fine
Apr 2022· Autorité de Protection des Données

The data subject is a former managing director of the controller. When the data subject was dismissed, he deleted the data on the work laptop before h...

€8K
Fine
Aug 2022· Autorité de Protection des Données

The Belgian DPA has imposed a fine of EUR 2,500 on a company. The company operates a digital management platform where suppliers and customers can com...

€3K
Current
Apr 2025

Fine

€20K

Details

Fine Date

22 April 2025

Authority

Autorité de Protection des Données

Fine Amount

€20,000

Enforcement Tracker ID

ETid-2613

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Company - Belgium (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: