Search Privacy Fines

Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR

Articles: Art. 32 GDPR

Articles: Art. 5 (1) a) GDPR, Art. 12 GDPR, Art. 13 GDPR

Articles: Art. 5 (1) a), e) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 14 GDPR, Art. 15 GDPR, Art. 16 GDPR, Art. 17 GDPR, Art. 21 GDPR, Art. 22 GDPR, Art. 35 GDPR

Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR

Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 13 (1) c) GDPR, Regulation 21 PECR

Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR

Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR

Articles: Art. 32 GDPR

The company had stored some 500,000 documents containing names, addresses, dates of birth, NHS numbers and medical information and prescriptions in unsealed containers at the back of the building and failed to protect these documents from the elements, resulting in water damage to the documents.The company stored around 500,000 documents that contained the names, addresses, birth fates, and NHS identification numbers as well as medical information and prescriptions in unsealed containers at the back of a building. As a result of this, the documents were exposed to the elements which resulted in water damage and potentially to the loss of some data.

Articles: Art. 32 GDPR

Leave.EU subscriber emails contained marketing ads related to the GoSkippy services of the Eldon Insurance firm. The data subjects did not give their consent to this, hence the fine issued by the ICO.

Articles: Art.14 of the GDPR

Articles: Art.14 of the GDPR

Articles: Art. 5 (1) a) f) GDPR

The Company sent marketing messages to over 2.5 million customers without their consent. The marketing message encouraged data subjects the “My EE” app to manage their accounts. Furthermore, the Company sent another batch of marketing messages to other customers afterward.

Articles: Art.14 GDPR

Articles: Art.14 GDPR

Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR

Articles: Data Protection Act 2018

The Company experienced the data breach when it transferred the personal data of 18,610 customers to a partner organization. In doing so, the company allowed anyone to access the personal data because the “Anonymous Authentication” function was switched on. The data breach was active for two years.

Articles: Data Protection Act 2018

Articles: Art. 5 (1) f) GDPR, Art. 32 (1), (2) GDPR

Articles: Art. 5 (1) f) GDPR, Art. 32 (1), (2) GDPR

While the trial hasn’t ended yet, the ICO intends to fine the company. This is in accordance with Art. 32 of the GDPR, which the company allegedly infringed in a cyber-incident in November 2018. The incident involved the public exposal of personal records belonging to over 339 million people, out of which 31 million were residents of the European Economic Area. This vulnerability is believed to have been present in the Starwood hotels group, which Marriott International acquired. Due to the inappropriate and insufficient attention paid to the security of the systems, the ICO believes a fine is in order.<strong>Notice:</strong> Marriott is facing a fine of €110,390,200, but this is not yet final. As such, it’s not included in our statistics dashboard.

Articles: Art. 32 GDPR

Articles: Unknown

The Company shared personal driver details with other third-parties, including parking firms.

Articles: Unknown

The ICO notified the British Airways of its intention to issue a fine worth 183.39 million pounds because of an alleged infringement of Art. 31 of the GDPR. The reason for this is related to an incident which the company reported in September 2018, when the British Airways website had diverted the users’ traffic to a dangerous website. The hackers in charge of this website had stolen the personal data of more than 500.000 customers. The company had poor security mechanisms to prevent such cyber-attacks from happening.<strong>Notice:</strong> British Airways is facing a fine of €204,600,000, but this is not yet final. As such, it’s not included in our statistics dashboard.

Articles: Art. 32 GDPR