Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
43 fines found
Total: $1.6M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2021-11-12 | WS WiSpear Systems Ltd | €925K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR |
| 2019-10-25 | LGS Handling Ltd | €70K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR, Art. 9 GDPR |
| 2019-10-25 | LGS Handling Ltd | €70K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | The national data protection authority determined that the company used the Brad...The national data protection authority determined that the company used the Bradford factor for profiling and monitoring sick leave and that this constituted unlawful processing of personal data. Articles: Art. 6 GDPR, Art. 9 GDPR |
| 2021-09-06 | APOEL FC | €40K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2021-09-06 | AC Omonia | €40K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2021-09-06 | Hellenic Technical Enterprises Ltd. | €40K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2021-03-03 | Electricity Authority of Cyprus | €40K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR, Art. 9 (2) GDPR |
| 2021-03-03 | Hellenic Bank | €25K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) e), f) GDPR, Art. 32 (1) b), c) GDPR, Art. 33 (1) GDPR |
| 2022-01-01 | Bank of Cyprus Public Company Ltd. | €17K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 24 (1) GDPR, Art. 32 GDPR |
| 2020-10-19 | Social Insurance Services of the Ministry of Labor, Welfare and Social Insurance | €15K | GDPR | Bank of Cyprus Public Company Ltd | Cyprus | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 15 GDPR, Art. 32 GDPR, Art. 33 GDPR |
| 2019-01-01 | Doctor | €14K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | The data controller could not provide access to personal information to a patien...The data controller could not provide access to personal information to a patient because the dossier could not be identified. The patient complained to the Commissioner about this, and the hospital was fined 5.000 Euros. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-01-01 | Doctor | €14K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-04-02 | Εκδοτικού Οίκου Δίας | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-03-01 | Newspaper | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2019-10-25 | Louis Travel Ltd | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR, Art. 9 GDPR |
| 2019-10-25 | Louis Travel Ltd | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | The national data protection authority determined that the company used the Brad...The national data protection authority determined that the company used the Bradford factor for profiling and monitoring sick leave and that this constituted unlawful processing of personal data. Articles: Art. 6 GDPR, Art. 9 GDPR |
| 2021-03-03 | Cypriot Real Estate Registration Authority | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 GDPR, Art. 15 GDPR, Art. 31 GDPR, Art. 58 (1) e) GDPR |
| 2019-03-01 | Newspaper | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | A newspaper was fined €10,000 after it had published both in electronic and phys...A newspaper was fined €10,000 after it had published both in electronic and physical form the names and pictures of three police investigators. The Cypriot Data Protection Commissioner considered that it would have been enough to publish only the initials of the police officers or photographs from which it would not have been possible to identify the three officials, such as using blurred faces. Articles: Art. 6 GDPR |
| 2023-05-02 | NAGA Markets Europe Ltd | €9K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 32 (1) b), d) GDPR |
| 2020-01-13 | Government agency | €9K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to implement sufficient measures to ensure information security | The government agency was fined due to granting the police access to data and fa...The government agency was fined due to granting the police access to data and failing to implement adequate measures to secure the data, even after being warned by the national DPA. Articles: Art. 32 GDPR |
| 2020-01-13 | Government agency | €9K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2022-01-01 | DW Dynamic Works LIMITED | €8K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2023-01-16 | Πολίτης newspaper | €7K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 6 (1) f) GDPR |
| 2022-01-01 | Hermes Airport Ltd. | €6K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to implement sufficient measures to ensure information security | --Articles: Art. 24 GDPR, Art. 32 GDPR |
| 2020-10-22 | Cyprus Police | €6K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |