Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
30 fines found
Total: $3.2M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2022-04-05 | Danske Bank | €1.3M | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to comply with data processing principles | --Articles: Art. 5 (2) GDPR |
| 2019-06-03 | IDdesign A/S | €201K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to comply with data processing principles | --Articles: Art. 5 (1) e) GDPR, Art. 5 (2) GDPR |
| 2019-06-03 | IDdesign A/S | €201K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to comply with data processing principles | After an inspection in 2018 when irregularities were noticed, the company IDdesi...After an inspection in 2018 when irregularities were noticed, the company IDdesign was fined. The company had overused the data of over 380.000 customers for a longer period of time than they were allowed to, as per the initial goals of the data processing. Moreover, the company had no clear deadlines regarding the deletion of personal data. The controller had also ignored the necessity of having a clear policy on the data deletion procedures. Articles: Art. 5 (1) e) GDPR, Art. 5 (2) GDPR |
| 2019-03-01 | Taxa 4x35 | €160K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to comply with processing principles | The taxi company was discovered having over 9 million person records that it sto...The taxi company was discovered having over 9 million person records that it stored unlawfully. Because the company hadn’t deleted this personal data, the Danish Data Protection Authority issued a fine. Articles: Art. 5(1) e) GDPR |
| 2019-03-01 | Taxa 4x35 | €160K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to comply with processing principles | --Articles: Art. 5(1) e) GDPR |
| 2020-07-28 | Arp Hansel Hotel Group A/S | €148K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) e) GDPR |
| 2022-06-22 | Gyldendal A/S | €134K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to comply with data processing principles | --Articles: Art. 5 (1) e) GDPR |
| 2021-09-29 | Danish Cancer Society | €107K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2021-07-09 | Medicals Nordic I/S | €81K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GPDR |
| 2021-07-16 | Region of Syddanmark | €68K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2022-07-24 | SIRIUS (law firm) | €67K | GDPR | Spanish Data Protection Authority (AEPD) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2021-09-17 | Syddanmark Region | €67K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2021-09-08 | Midtjylland Region | €54K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2021-07-07 | Nordbornholms Byggeforretning Aps | €54K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2021-06-16 | Vejle Municipality | €27K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2022-08-17 | Danish Immigration Agency | €20K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2020-08-04 | PrivatBo A.M.B.A | €20K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 GDPR, Art. 32 GDPR |
| 2020-03-10 | Gladsaxe Municipality | €14K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2020-03-10 | Gladsaxe Municipality | €14K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | A computer that belonged to the administration of the municipality was stolen. T...A computer that belonged to the administration of the municipality was stolen. The computer was not encrypted and it included the personal identification numbers of 20,620 residents. Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2021-12-16 | Municipality of Frederiksberg | €13K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2021-02-12 | IDdesign A / S (update) | €13K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to comply with data processing principles | --Articles: Art. 5 (1) e) GDPR, Art. 5 (2) GDPR |
| 2022-05-12 | Civilstyrelsen | €13K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR, Art. 33 GDPR |
| 2021-09-16 | Favrskov Municipality | €10K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2020-03-10 | Hørsholm Municipality | €7K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | A work computer belonging to a city government employee was stolen. The computer...A work computer belonging to a city government employee was stolen. The computer contained personal data of around 1,600 city government employees as well as sensitive information such as social security numbers. Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2020-03-10 | Hørsholm Municipality | €7K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |