Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
253 fines found
Total: $230.6M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2021-02-11 | Roma Servizi per La Mobilita S.r.L. | €60K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2020-09-30 | Scanshare s.r.l. | €60K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 32 GDPR |
| 2022-12-15 | Azienda Universataria Friuli Occidentale | €55K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 9 GDPR, Art. 14 GDPR, Art. 35 GDPR, Art. 2-sexies Codice della privacy |
| 2022-12-15 | Azienda Universitaria Friuli Centrale | €55K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 9 GDPR, Art. 14 GDPR, Art. 35 GDPR, Art. 2-sexies Codice della privacy |
| 2022-12-15 | Azienda Universitaria Giuliano Isontina | €55K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 9 GDPR, Art. 14 GDPR, Art. 35 GDPR, Art. 2-sexies Codice della privacy |
| 2021-01-27 | Azienda Ospedaliero Universitaria di Senese | €50K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 9 GDPR |
| 2019-04-24 | Movimento 5 Stelle Party | €50K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2022-05-26 | Azienda sanitaria uniersitaria Friuli Occidentale | €50K | GDPR | Italian Data Protection Authority (Garante) | Italy | Unknown | --Articles: Unknown |
| 2021-01-27 | Azienda Ospedaliero Universitaria di Parma | €50K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GPDR, Art. 9 GDPR |
| 2021-01-27 | Azienda USL della Romagna | €50K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) a), d), f) GDPR, Art. 9 GDPR, Art. 32 (1) b) GDPR |
| 2019-04-24 | Movimento 5 Stelle Party | €50K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | Website affiliated with the Movimento 5 Stelle, an Italian political party, had ...Website affiliated with the Movimento 5 Stelle, an Italian political party, had a data breach in 2017. Rousseau, the data processor running these websites, had insufficient security measures in place. Garante, the Italian Data Protection Authority, issued a request to update these measures and the privacy information notice, for more transparency on the processing of data. The information issue was completed on time. However, Rousseau failed to adopt new security measures, and it was fined by Garante. Articles: Art. 32 GDPR |
| 2022-04-28 | Istituto Nazionale Assicurazione Infortuni sul Lavoro | €50K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), f) GDPR, Art. 6 (1) e) GDPR, Art. 9 (2) g) GDPR, Art. 32 GDPR, Art. 2-ter Codice della privacy, Art. 2-sexies Codice della privacy |
| 2022-04-07 | Palumbo Superyacht Ancona s.r.l. | €50K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), e) GDPR, Art. 13 GDPR, Art. 12 (3) GDPR, Art. 15 GDPR, Art. 157 Codice della privacy, Art. 166 (2) Codice della privacy |
| 2022-05-26 | Azienda Sanitaria Locale Roma | €46K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 6 (1) c), d) GDPR, Art. 6 (2), (3) GDPR, Art. 9 (1), (2), (4) GDPR, Art. 2-ter (1), (2) Codice della privacy, Art. 2-septies (8) Codice della privacy |
| 2021-02-11 | Istituti ospedalieri bergamaschi | €45K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) a), f) GDPR, Art. 9 GDPR, Art. 32 GDPR |
| 2022-07-07 | Senseonics Inc. | €45K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), b), f) GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 9 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 27 GDPR |
| 2022-11-10 | Usl Valle d’Aosta | €40K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), f) GDPR, Art. 9 GDPR, Art. 25 GDPR, Art. 32 GDPR |
| 2022-04-07 | ISWEB S.p.A. | €40K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 28 GDPR |
| 2022-04-28 | Il Sole 24 Ore S.p.a. | €40K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 9 GDPR, Art. 12 GDPR |
| 2022-01-27 | T.S.M. s.r.l. | €40K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 13 GDPR, Art. 15 GDPR, Art. 21 GDPR, Art. 157 Codice della privacy, Art. 166 (2) Codice della privacy |
| 2021-06-10 | Aeroporto Guglielmo Marconi di Bologna S.p.a. | €40K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 25 GDPR, Art. 32 GDPR |
| 2022-09-16 | FCA Italy S.p.A. | €40K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 (1), (2), (3), (4) GDPR, Art. 15 GDPR |
| 2022-04-07 | Azienda ospedaliera di Perugia | €40K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) a), f) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 25 GDPR, Art. 30 GDPR, Art. 32 GDPR, Art. 35 GDPR |
| 2021-06-10 | Aeroporto Guglielmo Marconi di Bologna S.p.a. | €40K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 28 GDPR, Art. 32 GDPR |
| 2020-12-17 | Miropass S.r.l. | €40K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), e) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 28 GDPR |