Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
253 fines found
Total: $230.6M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2021-07-22 | Atac s.p.a. | €400K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 30 GDPR, Art. 32 GDPR |
| 2021-02-11 | Roma Capitale | €350K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 28 GDPR, Art. 32 GDPR |
| 2023-01-01 | Ediscom S.p.a. | €300K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), b), c) GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 14 GDPR, Art. 25 GDPR, Art. 130 Codice della privacy |
| 2021-09-16 | Bocconi University | €200K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a), c), e) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 13 GDPR, Art. 25 GDPR, Art. 35 GDPR, Art. 44 GDPR, Art. 46 GDPR, Art. Art. 2-sexies Codice della Privacy |
| 2022-04-28 | Amiu S.p.A. | €200K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 28 GDPR, Art. 37 GDPR |
| 2020-07-13 | Merlini s.r.l. | €200K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 28 GDPR, Art. 29 GDPR |
| 2021-07-22 | Regione Lombardia | €200K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) c), e) GDPR, Art. 6 (2) GDPR, Art. 6 (3) b) GDPR |
| 2022-04-28 | Tarento municipality | €150K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 28 GDPR, Art. 35 GDPR |
| 2021-05-27 | Azienda Provinciale per i Servizi Sanitari di Trento | €150K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1), f) GDPR, Art. 9 GDPR |
| 2021-11-11 | TIM S.p.A. | €150K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 15 GDPR |
| 2021-05-27 | Azienda Usl della Romagna | €120K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 9 GDPR |
| 2022-12-15 | Eurosanita S.P.A. | €120K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 9 GDPR, Art. 32 GDPR |
| 2020-12-17 | Azienda Unita Sanitaria Locale Toscana Sud Est | €100K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 28 GDPR, Art. 30 GDPR, Art. 32 GDPR, Art. 35 GDPR |
| 2022-10-06 | Veneto Tegion | €100K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 2-ter Codice della privacy |
| 2022-09-15 | Lazio Region | €100K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), d) GDPR, Art. 5 (2) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 24 GDPR |
| 2022-12-01 | Lazio Region | €100K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 113 Codice della privacy, Art. 114 Codice della privacy |
| 2022-05-26 | Intesa Sanpaolo S.p.A. | €100K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), f) GDPR, Art. 6 GDPR |
| 2021-12-16 | Ubi Banca Spa | €100K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a), c) GDPR |
| 2021-05-13 | Comune di Bolzano | €84K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 13 GDPR, Art. 35 GDPR |
| 2020-09-30 | Azienda Ospedaliera di Rilievo Nazionale 'Antonio Cardarelli' (Private Hospital) | €80K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 13 GDPR, Art. 28 GDPR, Art. 32 GDPR |
| 2021-01-14 | Regione Lazio | €75K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 5 (2) GPDR, Art. 28 GDPR |
| 2021-02-11 | Ministero dello Sviluppo Economico | €75K | GDPR | Italian Data Protection Authority (Garante) | Italy | Multiple | --Articles: Art. 5 (1) a), b), c) GDPR, Art. 6 (1) c), e) GDPR, Art. 6 (2) GDPR, Art. 6 (3) b) GDPR, Art. 37 (1), (7) GDPR |
| 2022-04-28 | Ospedale San Raffaele s.r.l. | €70K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 9 GDPR |
| 2022-06-16 | Unicredit S.p.A. | €70K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 GDPR, Art. 15 GDPR |
| 2022-05-26 | Azienda sanitaria universitaria Friuli Centrale | €70K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), f) GDPR, Art. 9 GDPR, Art. 25 GDPR, Art. 32 GDPR |