Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
55 fines found
Total: $20.7M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2020-09-08 | Warsaw University of Life Sciences | €11K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2023-03-01 | Housing Cooperative | €11K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Insufficient fulfilment of data breach notification obligations | --Articles: Art. 33 (1) GDPR, Art. 34 (1) GDPR |
| 2021-12-09 | Warsaw University of Technology | €10K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 24 (1) GDPR, Art. 25 (1) GDPR, Art. 32 (1), (2) GDPR |
| 2022-11-30 | PIONIER (law firm) | €10K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to comply with data processing principles | --Articles: Art. 5 (1), a) GDPR, Art. 6 (1) GDPR, Art. 9 GDPR |
| 2019-10-18 | Polish Mayor | €9K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-compliance with lawful basis for data processing | No data processing agreement has been concluded with the company whose servers c...No data processing agreement has been concluded with the company whose servers contained the resources of the Public Information Bulletin (BIP) of the Municipal Office in Aleksandrów Kujawski. For this reason, a fine of 40.000 PLN (9400 EUR) was imposed on the mayor of the city. Articles: Art. 28 GDPR |
| 2019-10-18 | Polish Mayor | €9K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-compliance with lawful basis for data processing | --Articles: Art. 28 GDPR |
| 2023-02-08 | Company | €7K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 24 (1) GDPR, Art. 25 (1), (2) GDPR, Art. 32 (1), (2) GDPR |
| 2022-08-30 | TIMSHEL Sp. z o.o. | €7K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Insufficient cooperation with supervisory authority | --Articles: Art. 58 (1) e) GDPR |
| 2023-01-19 | Szczecin-Centrum District Court | €6K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 24 (1) GDPR, Art. 25 (1), (2) GDPR, Art. 32 (1), (2) GDPR |
| 2021-01-05 | Śląski Uniwersytet Medyczny (Medical University of Silesia) | €6K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 33 (1) GDPR, Art. 34 (1) GDPR |
| 2021-04-27 | PNP S.A. | €5K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-cooperation with Data Protection Authority | --Articles: Art. 31 GDPR, Art. 58 (1) e) GDPR |
| 2021-03-19 | Funeda Sp z o.o. | €5K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-cooperation with Data Protection Authority | --Articles: Art. 31 GDPR, Art. 58 (1) a), e) GDPR |
| 2020-03-04 | School in Gdansk | €5K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-compliance with lawful basis for data processing | Biometric fingerprint scanners were used in a school in Gdansk (Poland) to authe...Biometric fingerprint scanners were used in a school in Gdansk (Poland) to authenticate students into the school’s payment processing system. While the parents have given written consent to the processing of this kind of data, the Polish National Personal Data Protection Office (UODO) argued that the data processing was nevertheless unlawful, as the consent was obtained involuntarily. It was argued that the school required the consent, otherwise, it would not have been able to process student’s payments at all, meaning parents had no choice other than to “consent”. Articles: Art. 5 GDPR |
| 2020-03-04 | School in Gdansk | €5K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR |
| 2020-03-09 | Vis Consulting Sp. Z o.o. | €4K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 31 GDPR, Art. 58 GDPR |
| 2022-06-06 | Esselmann Technika Pojazdowa Sp. z o.o. Sp. k. | €4K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 33 GDPR |
| 2020-07-10 | East Power Sp. z o.o. | €3K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 31 GDPR, Art. 58 GDPR |
| 2021-06-30 | Fundację Promocji Mediacji i Edukacji Prawnej Lex Nostra | €3K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Information obligation non-compliance | --Articles: Art. 33 (1) GDPR, Art. 34 (1) GDPR |
| 2020-12-09 | Smart Cities Sp. z o.o. | €3K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-cooperation with Data Protection Authority | --Articles: Art. 31 GDPR, Art. 58 GDPR |
| 2021-08-14 | President of the Zgierz District Court | €2K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 25 (1) GDPR, Art. 32 (1) b), d), (2) GDPR |
| 2022-07-27 | University Hospital of the Medical University of Warsaw | €2K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Insufficient fulfilment of data breach notification obligations | --Articles: Art. 33 GDPR, Art. 34 GDPR |
| 2022-05-31 | Stołeczny Ośrodek dla Osób Nietrzeźwych | €2K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR |
| 2019-11-01 | L. Sp z o.o. | €2K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), f) GDPR |
| 2022-11-02 | Mayor | €2K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 25 (1) GDPR, Art. 32 (1), (2) GDPR |
| 2022-08-31 | Unknown | €1K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-cooperation with Data Protection Authority | --Articles: Art. 31 GDPR, Art. 58 (1) a), e) GDPR |