Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
41 fines found
Total: $231K
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2021-01-04 | Unknown | €119K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to comply with data processing principles | --Articles: Art. 6 (1) GDPR, Art. 14 GDPR |
| 2020-01-01 | Unknown | €19K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Multiple | --Articles: Art. 5 (1) a) GDPR, Art. 6 (1) GDPR, Art. 12 (2), (3), Art. 15 GDPR, Art. 16 GDPR, Art. 17 GDPR, Art. 18 GDPR, Art. 19 GDPR, Art. 20 GDPR, Art. 21 GDPR, Art. 22 GDPR |
| 2019-03-21 | Unknown | €10K | GDPR | Czech Data Protection Auhtority (UOOU) | Czech Republic | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) GDPR |
| 2019-03-21 | Unknown | €10K | GDPR | Czech Data Protection Auhtority (UOOU) | Czech Republic | Non-compliance with lawful basis for data processing | The data was processed inadequately, in inobservance with the data minimization ...The data was processed inadequately, in inobservance with the data minimization and storage limitation principles of the GDPR. This means the data that was processed went beyond the relevant needs for the purpose of the processing, while also being kept in a form that permits the identification of data subjects longer than it is necessary for the purpose of the processing. Articles: Art. 5 (1) GDPR |
| 2019-03-21 | Not available | €10K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to comply with data processing principles | The data processing had breached the storage limitation and data minimization pr...The data processing had breached the storage limitation and data minimization principles of the GDPR. Articles: Art. 5 (1) c) GDPR, Art. 5 (1) e) GDPR |
| 2019-03-21 | Not available | €10K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 5 (1) e) GDPR |
| 2020-01-01 | Television Broadcaster | €4K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to comply with data processing principles | --Articles: Art. 12 (1) GDPR |
| 2022-01-01 | Company | €3K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Unknown | --Articles: Unknown |
| 1970-01-01 | UniCredit Bank | €3K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Non-compliance with lawful basis for data processing | UniCredit Bank opened a bank account for a person who has not requested any acco...UniCredit Bank opened a bank account for a person who has not requested any account to be opened. The bank allegedly had his personal data at their disposal because the affected person was responsible for closing a bank account operated by his employer. The bank was requested to prove that it had consent from the data subject to process his personal data but was unable to provide this proof. Articles: Art. 6 GDPR |
| -- | UniCredit Bank | €3K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2019-05-13 | Not known | €3K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Not known | Not available.Not available. Articles: Art. 5 (1) a) GDPR, Art. 5 (1) b) GDPR, Art. 32 (1) GDPR |
| 2019-05-13 | Not known | €3K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Not known | --Articles: Art. 5 (1) a) GDPR, Art. 5 (1) b) GDPR, Art. 32 (1) GDPR |
| 2020-01-01 | Mall.tv | €3K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-01-01 | Unknown | €2K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to comply with data processing principles | --Articles: Art. 12 (2) GDPR, Art. 5 (1) GDPR |
| 2019-02-04 | Car renting company | €1K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to implement sufficient measures to ensure information security | The company sold a card that was constantly tracked through GPS. The owner found...The company sold a card that was constantly tracked through GPS. The owner found this out and reported it since the company had no information related to this GPS tracking. The Czech Data Protection Authority decreed that this was a violation of Art. 5 (1) of the GDPR, and issued a fine. Articles: Art. 5 (1) a) GDPR |
| 2019-02-04 | Credit brokerage | €1K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to implement sufficient measures to ensure information security | The company did not process the data using the appropriate security measures req...The company did not process the data using the appropriate security measures required to prevent unlawful alteration or destruction of the data. Articles: Art. 32 GDPR |
| 2019-02-04 | Credit brokerage | €1K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2019-02-04 | Car renting company | €1K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) a) GDPR |
| 1970-01-01 | Individual entrepreneur | €980 | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to implement sufficient measures to ensure information security | An online game operator was exposed to a DDoS attack that led to the malfunction...An online game operator was exposed to a DDoS attack that led to the malfunctioning of the game serves. The attackers blackmailed the operator into paying money for the attacks to stop. As part of the “deal”, the attackers offered the operator to create and implement a better firewall protection system that would prevent any future attacks from other parties. The operator agreed to this “deal”. The game operator then implemented the new code which indeed proved to be better than the old one used but – let’s be honest, unsurprisingly – also included a backdoor that allowed the attacker to steal all the data that was on the server which included player details and personal information. The attacker uploaded this information on their website after that. Articles: Art. 32 GDPR |
| -- | Individual entrepreneur | €980 | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2019-02-26 | Not available | €776 | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Non-compliance with subjects' rights protection safeguards | Not available.Not available. Articles: Art. 15 GDPR |
| 2019-02-26 | Not available | €776 | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 15 GDPR |
| 1970-01-01 | Alza.cz a.s. | €588 | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Non-compliance with lawful basis for data processing | The company acquired a photocopy of a person’s ID card with the personR...The company acquired a photocopy of a person’s ID card with the person’s consent but continued to use and process the personal data even after the affected person had withdrawn their consent. Articles: Art. 6 GDPR, Art. 7 GDPR |
| -- | Alza.cz a.s. | €588 | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR, Art. 7 GDPR |
| 2019-02-28 | Not available | €582 | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |