Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
663 fines found
Total: $51.8M
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 1970-01-01 | Vodafone Espana | €27K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | The data subject had demanded that his data be deleted from the Vodafone records...The data subject had demanded that his data be deleted from the Vodafone records in 2015, which the company agreed to and confirmed. However, he received more than 200 SMS messages in 2018, which Vodafone admitted it was a technical error on their part. They had performed tests, and the data subject’s phone number mistakenly appeared in various customer files. The fine was set at 27.000 Euros since Vodafone admitted to its mistake. Articles: Art. 5 (1) d) GDPR |
| -- | Vodafone Espana | €27K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 5 (1) d) GDPR |
| 2020-06-09 | Glovoapp23 | €25K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | No data protection officer appointed | --Articles: Art. 37 GDPR |
| 2022-11-02 | CAIXABANK S.A. | €25K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 16 GDPR |
| 2023-04-20 | KFC RESTAURANTS SPAIN, S.L. | €25K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 13 GDPR, Art. 37 GDPR |
| 2023-04-21 | SECURITAS DIREC ESPANA, S.A. | €25K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-cooperation with Data Protection Authority | --Articles: Art. 58 (2) GDPR |
| 2020-07-02 | Iberdrola Clientes | €24K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 5 GDPR |
| 2020-03-03 | Vodafone España | €24K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-07-20 | Banco Bilbao Vizcaya Argentaria, SA | €24K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2021-12-07 | NBQ Technology, S.A.U. | €24K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |
| 2023-01-02 | FACTOR ENERGIA, S.A. | €24K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |
| 2022-12-29 | SUMINISTRADOR IBERICO DE ENERGIA, S.L. | €24K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |
| 2022-10-09 | CAJA DE SEGUROS REUNIDOS, COMPAÑÍA DE SEGUROS Y REASEGUROS, S.A. | €24K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |
| 2020-03-03 | Vodafone España | €24K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | The company sent two SMS messages to a person informing them about the rate chan...The company sent two SMS messages to a person informing them about the rate change of a contract as well as the purchase of a mobile phone. The customer did not consent to the processing of their personal data and Vodafone sent the text messages without prior written consent from the customer. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-10-19 | Vodafone Espana | €21K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |
| 2019-10-19 | Vodafone Espana | €21K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | Vodafone had processed personal data of the claimant (bank details, name, surnam...Vodafone had processed personal data of the claimant (bank details, name, surname and national identification number) years after the contractual relationsid had ended. The fine of EUR 35.000 was reduced to EUR 21.000.Vodafone processed the personal details of a former client, details that included first name, last name and national ID number, several years after their contractual relationship had ended. The initial fine was set at €35,000 but it was reduced to €21,000 due to cooperation on behalf of Vodafone Espana. Articles: Art. 6 (1) GDPR |
| 2019-04-08 | Private individual | €20K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | Video surveillance was used to monitor employees.Video surveillance was used to monitor employees. Articles: Art. 5 (1) c) GDPR |
| 2021-11-30 | DAVISER SERVICIOS, S.L. | €20K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2020-02-03 | Iberia Lineas Aereas | €20K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | The company continued to send emails to individuals even after the affected indi...The company continued to send emails to individuals even after the affected individuals have requested to be removed from the company’s database or be added to a “no-contact” list. Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 21 GDPR |
| 2020-11-06 | Xfera Moviles S.A. | €20K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 31 GDPR |
| 2021-06-07 | Master Distancia S.A. | €20K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 (1) GDPR |
| 2020-02-03 | Iberia Lineas Aereas | €20K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 21 GDPR |
| 2019-04-08 | Private individual | €20K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) c) GDPR |
| 2022-09-06 | MUXERS CONCEPT, S.L. | €20K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2019-01-01 | Employer | €20K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) c) GDPR |