Search Privacy Fines

Browse and filter privacy enforcement fines worldwide.

← Back to Overview

2,028 fines found

Total: $8.1B

DateCompanyFineRegulationAuthorityCountryTypeSummary
2020-02-27Vodafone España€120KGDPRSpanish Data Protection Authority (AEPD)SpainNon-compliance with lawful basis for data processing
--

Articles: Art. 5 GDPR

2021-05-27Azienda Usl della Romagna€120KGDPRItalian Data Protection Authority (Garante)ItalyNon-compliance with lawful basis for data processing
--

Articles: Art. 5 (1) f) GDPR, Art. 9 GDPR

2022-12-15Eurosanita S.P.A. €120KGDPRItalian Data Protection Authority (Garante)ItalyFailure to comply with data processing principles
--

Articles: Art. 5 GDPR, Art. 9 GDPR, Art. 32 GDPR

2021-08-25Banco Bilbao Vizcaya Argentaria, S.A.€120KGDPRSpanish Data Protection Authority (AEPD)SpainFailure to implement sufficient measures to ensure information security
--

Articles: Art. 32 GDPR

2019-04-29Oslo Municipal Education Department€120KGDPRNorwegian Supervisory Authority (Datatilsynet)NorwayFailure to implement sufficient measures to ensure information security
--

Articles: Art. 32 GDPR

2021-01-04Unknown€119KGDPRCzech Data Protection Authority (UOOU)Czech RepublicFailure to comply with data processing principles
--

Articles: Art. 6 (1) GDPR, Art. 14 GDPR

2022-01-19Santander Bank Polska S.A.€117KGDPR Polish National Personal Data Protection Office (UODO)PolandInsufficient fulfilment of data breach notification obligations
--

Articles: Art. 34 (1) GDPR

2022-03-10Tuckers Solicitors LLP€115KGDPR Information Commissioner (ICO)United KingdomFailure to comply with data processing principles
--

Articles: Art. 5 (1) a) f) GDPR

2023-04-13Vodafone Espana, S.A.U.€112KGDPRSpanish Data Protection Authority (AEPD)SpainNon-compliance with lawful basis for data processing
--

Articles: Art. 6 (1) GDPR

2020-06-22Østfold HF Hospital€112KGDPRNorwegian Supervisory Authority (Datatilsynet)NorwayFailure to implement sufficient measures to ensure information security
--

Articles: Art. 32 GDPR

2021-11-29UAB Prime Leasing€110KGDPRLithuanian Data Protection Authority (VDAI)LithuaniaFailure to implement sufficient measures to ensure information security
--

Articles: Art. 32 (1) b), d) GDPR

2021-12-09Limerick City and County Council€110KGDPRData Protection Authority of IrelandIrelandNon-compliance with subjects' rights protection safeguards
--

Articles: Art. 13 GDPR, Art. 12 GDPR, Art. 15 GDPR

2021-09-29Danish Cancer Society€107KGDPRDanish Data Protection Authority (Datatilsynet)DenmarkFailure to implement sufficient measures to ensure information security
--

Articles: Art. 32 GDPR

2019-12-03Rheinland-Pfalz Hospital€105KGDPRData Protection Authority of Rheinland-PfalzGermanyNon-compliance with lawful basis for data processing
The Data Protection Authority of Rheinland-Pfalz issued a fine of €105,000 after...

The Data Protection Authority of Rheinland-Pfalz issued a fine of €105,000 after a hospital after a mixup of patients. As a consequence of this, wrong invoices were issues to the patients that released sensitive personal data.

Articles: Art. 5 GDPR

2019-12-03Rheinland-Pfalz Hospital€105KGDPRData Protection Authority of Rheinland-PfalzGermanyFailure to implement sufficient measures to ensure information security
--

Articles: Art. 32 GDPR

2019-10-24Food company€100KGDPRData Protection Authority of Baden-WuerttembergGermanyFailure to implement sufficient measures to ensure information security
--

Articles: Art. 5 GDPR, Art. 32 GDPR

2020-12-01Apotheka e-apteek, Azeta.ee e-apteek, Südameapteegi e-apteek€100KGDPREstonian Data Protection AuthorityEstoniaFailure to comply with data processing principles
--

Articles: Art. 5 GDPR, Art. 6 GDPR

2019-06-24EE€100KGDPRInformation CommissionerUnited KingdomNon-compliance with the right of consent
--

Articles: Art.14 GDPR

2020-12-17Azienda Unita Sanitaria Locale Toscana Sud Est€100KGDPRItalian Data Protection Authority (Garante)ItalyFailure to implement sufficient measures to ensure information security
--

Articles: Art. 5 (1) f) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 28 GDPR, Art. 30 GDPR, Art. 32 GDPR, Art. 35 GDPR

2019-06-24EE€100KGDPRInformation CommissionerUnited KingdomNon-compliance with the right of consent
The Company sent marketing messages to over 2.5 million customers without their ...

The Company sent marketing messages to over 2.5 million customers without their consent. The marketing message encouraged data subjects the “My EE” app to manage their accounts. Furthermore, the Company sent another batch of marketing messages to other customers afterward.

Articles: Art.14 GDPR

2020-12-01Azeeta.ee e-apteek€100KGDPREstonian Data Protection AuthorityEstoniaNon-compliance with lawful basis for data processing
--

Articles: Art. 5 GDPR, Art. 6 GDPR

2020-12-01Südameapteegi e-apteek€100KGDPREstonian Data Protection AuthorityEstoniaNon-compliance with lawful basis for data processing
--

Articles: Art. 5 GDPR, Art. 6 GDPR

2020-12-17Banca Transilvania SA€100KGDPRRomanian National Supervisory Authority for Personal Data Processing (ANSPDCP)RomaniaNon-compliance with lawful basis for data processing
--

Articles: Art. 5 (1) f) GDPR, Art. 32 (1), (2) GDPR

2022-04-04Brussels Airport Charleroi€100KGDPRBelgian Data Protection Authority (APD)BelgiumNon-compliance with lawful basis for data processing
--

Articles: Art. 5 (1) a), b) GDPR, Art. 6 (1) c) GDPR, Art. 6 (3) GDPR, Art. 9 (2) i) GDPR, Art. 12 (1) GDPR, Art. 13 (1) c) GDPR, Art. 13 (2) e) GDPR, Art. 35 (1), (7) GDPR

2022-12-01Lazio Region€100KGDPRItalian Data Protection Authority (Garante)ItalyFailure to comply with data processing principles
--

Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 113 Codice della privacy, Art. 114 Codice della privacy

PreviousPage 13 of 82Next