Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
151 fines found
Total: $190.9M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2019-12-09 | Rapidata GmbH | €10K | GDPR | The Federal Commissioner for Data Protection and Freedom of Information (BfDI) | Germany | No data protection officer appointed | --Articles: Art. 37 GDPR |
| 2023-01-01 | Magdeburg University Hospital | €9K | GDPR | Data Protection Authority of Sachsen-Anhalt | Germany | Failure to notify DPA of a data breach | --Articles: Art. 33 GDPR |
| 2022-01-01 | Police officer | €7K | GDPR | Data Protection Authority of Hessen | Germany | Unknown | --Articles: Unknown |
| 2020-01-01 | Unknown | €7K | GDPR | Data Protection Authority of Bavaria | Germany | Non-cooperation with Data Protection Authority | --Articles: Art. 58 (1) f) GDPR |
| 2022-01-01 | Pharmacy | €7K | GDPR | The DPA of Bremen | Germany | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR |
| 2019-01-23 | Small shipping company | €5K | GDPR | Data Protection Authority | Germany | https://dataprivacy.foxrothschild.com/2019/01/articles/european-union/hessian-dpa-fines-shipping-company-for-missing-data-processing-agreement/ | --Articles: Art. 28 of the GDPR |
| 2022-09-21 | Unknown | €5K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |
| 2021-01-01 | Private individual | €5K | GDPR | Data Protection Authority of Saxony | Germany | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 6 (1) GDPR |
| 2019-01-23 | Small shipping company | €5K | GDPR | Data Protection Authority | Germany | https://dataprivacy.foxrothschild.com/2019/01/articles/european-union/hessian-dpa-fines-shipping-company-for-missing-data-processing-agreement/ | The data controller company lacked a data processing agreement with the Spanish ...The data controller company lacked a data processing agreement with the Spanish service provider. Articles: Art. 28 of the GDPR |
| 2018-12-17 | Kolibri Image Regina und Dirk Maass GbR | €5K | GDPR | Data Protection Authority of Hamburg | Germany | Failure to collect sufficient data processing consent | This fine was apparently withdrawn. The case concerned the Kolibri Image who lod...This fine was apparently withdrawn. The case concerned the Kolibri Image who lodged a complaint that a service provider did not want to sign a processing agreement. Afterward, the Kolibri Image was fined because it didn’t have any processing agreement with the service provider. However, the company argued that the service provider was not a processor, and therefore the fine was unreasonable and unwarranted. Articles: Art. 28 (3) GDPR |
| 2018-12-17 | Kolibri Image Regina und Dirk Maass GbR | €5K | GDPR | Data Protection Authority of Hamburg | Germany | Failure to collect sufficient data processing consent | --Articles: Art. 28 (3) GDPR |
| 2022-01-01 | Covid-19 Test Center | €3K | GDPR | Data Protection Authority of Hamburg | Germany | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 (1) GDPR |
| 2019-02-05 | Private individual | €3K | GDPR | Data Protection Authority of Sachsen-Anhalt | Germany | Non-compliance with lawful basis for data processing | A private person sent several emails containing the email addresses of several s...A private person sent several emails containing the email addresses of several subjects, and each subject could see other recipients of that email. In the person’s mailing list, more than 131 email addresses had been found. He was accused of ten such offenses. Articles: Art. 6 GDPR, Art. 5 GDPR |
| 2019-02-05 | Private individual | €3K | GDPR | Data Protection Authority of Sachsen-Anhalt | Germany | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR, Art. 5 GDPR |
| 2019-01-01 | Restaurant | €2K | GDPR | Data Protection Authority of Saarland | Germany | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2019-01-01 | Restaurant | €2K | GDPR | Data Protection Authority of Saarland | Germany | Failure to comply with data processing principles | The video surveillance cameras had been misused, clearly not in accord with the ...The video surveillance cameras had been misused, clearly not in accord with the data minimization principle. Articles: Art. 5 (1) c) GDPR |
| 2021-01-01 | Police Officer | €2K | GDPR | Data Protection Authority of Berlin | Germany | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-01-01 | Covid-19 test center | €2K | GDPR | Data Protection Authority of Hessen | Germany | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), f) GDPR, Art. 6 (1) GDPR |
| 2019-05-09 | Police Officer | €1K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2022-01-01 | Covid-19 Test Center | €1K | GDPR | Data Protection Authority of Hamburg | Germany | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) c) GDPR |
| 2019-05-09 | Police Officer | €1K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Non-compliance with lawful basis for data processing | The police officer acted outside the boundaries of the law when he used the Cent...The police officer acted outside the boundaries of the law when he used the Central Traffic Information System to find out the personal data of the license plate of an unknown person. Moreover, he then proceeded with a SARS inquiry, gathering personal data of the injured parties (mobile and home phone numbers). The police officer then contacted the wounded party. These actions were done outside his lawful prerogatives, and it is an infringement of personal data. However, he acted not in trying to exercise official duties but to satisfy personal inquiries. Therefore, the police department is not to blame. Articles: Art. 6 GDPR |
| 2022-01-01 | Covid-19 Test Center | €1K | GDPR | Data Protection Authority of Hamburg | Germany | Failure to comply with data processing principles | --Articles: Art. 17 GDPR |
| 2022-01-01 | Physician | €1K | GDPR | Data Protection Authority of Hamburg | Germany | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 (1) GDPR |
| 2019-08-06 | Police Officer | €800 | GDPR | Data Protection Authority of Mecklenburg-Vorpommern | Germany | Non-compliance with lawful basis for data processing | A police officer used a witnesse’s personal data to contact her.A police officer used a witnesse’s personal data to contact her. Articles: Art. 6 GDPR |
| 2019-08-06 | Police Officer | €800 | GDPR | Data Protection Authority of Mecklenburg-Vorpommern | Germany | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |