Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
10 fines found
Total: $243K
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2021-11-23 | Icelandic Ministry of Industry and Innovation | €51K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 13 GDPR, Art. 25 GDPR, Art. 28 GDPR, Art. 32 GDPR |
| 2022-05-03 | City of Reikjavik | €36K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 32 GDPR |
| 2021-06-15 | Huppuis ehf | €34K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) GDPR, Art. 12 (1) GDPR, Art. 13 (1), (2) GDPR |
| 2021-11-23 | YAY ehf. | €27K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 28 GDPR, Art. 32 GDPR |
| 2020-03-10 | Addiction Medicine Center | €21K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2020-03-10 | Addiction Medicine Center | €21K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Failure to implement sufficient measures to ensure information security | A former employee of National Center of Addiction Medicine (‘SAA’) r...A former employee of National Center of Addiction Medicine (‘SAA’) received boxes that contained personal belongings that he supposedly left there but personal data and health records of 252 former patients and documents with the names of around 3,000 individuals who once participated in an alcohol and drug abuse rehabilitation program. Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2022-05-03 | HEI – Medical Travel | €11K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 15 (1), (3) GDPR, Art. 9 (1) Act 90/2018, Art. 17 (2) Act 90/2018 |
| 2020-03-10 | Breiðholt School | €9K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2020-03-10 | Breiðholt School | €9K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Failure to implement sufficient measures to ensure information security | A teacher had sent an email to parents and students that contained an attachment...A teacher had sent an email to parents and students that contained an attachment that had detailed information on the well-being and academic performance of all students. Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2022-03-08 | Hörpu tónlistar- og ráðstefnuhúss ohf. | €7K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 6 GDPR |