National Revenue Agency

€2.6M($2.8M USD)final

Date Issued

2019-08-28

Regulation

GDPR

Authority

Data Protection Commission of Bulgaria (KZLD)

Country

Bulgaria

Violation Type

Failure to implement sufficient measures to ensure information security

Currency

EUR

Violation Summary

Because of the inappropriate handling of personal data, more than 6 million individuals had their data hacked. This informational leak was a direct cause of the company’s security laxity.

Articles Violated

Art. 32 GDPR

View Source Document →

Related Headlines

Defending American Tech in Global Markets | Reports & Briefings | Dec 1, 2025 - Information Technology and Innovation Foundation (ITIF)

Information Technology and Innovation Foundation (ITIF) · 12/1/2025

Exclusive: Shein, hit with big fines, boosts internal controls - Reuters

Reuters · 10/9/2025

Europe’s GDPR Fines Against US Firms Are Unfair and Disproportionate - Center for Data Innovation

Center for Data Innovation · 4/17/2025

UK GDPR Regulator Fines Data Processor After Ransomware Attack - Skadden, Arps, Slate, Meagher & Flom LLP

Skadden, Arps, Slate, Meagher & Flom LLP · 4/1/2025

CJEU Rules That Fear May Constitute Damage Under the GDPR - Hunton Andrews Kurth LLP

Hunton Andrews Kurth LLP · 12/19/2023

Other Fines for National Revenue Agency

Date	Regulation	Amount (USD)	Type
2019-09-03	GDPR	$30,348	Non-compliance with lawful basis for data processing
2019-09-03	GDPR	$30,348	Non-compliance with lawful basis for data processing
2019-08-28	GDPR	$2,808,000	Failure to implement sufficient measures to ensure information security