Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2023-02-06 | I&S Limited Kft | €81K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information | Hungary | Failure to comply with data processing principles | Articles: Art. 5 (1) a), b) GDPR, Art. 6 (1) GDPR, Art. 9 (2) GDPR, Art. 13 (1), (2) GDPR, Art. 24 GDPR, Art. 25 GDPR |
| 2019-04-04 | Company in the financial sector | €80K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | The fine was issued because, in April 2019, the company hadn’t taken the necessary measures to ensure the integrity and confidentiality of information (as per Art. 5 para. 1 lit. f GDPR) when it disposed of documents that contained personal information of two clients. The documents were simply disposed of in the general waste recycling system, where they were found by a neighbor. Articles: Art. 5 GDPR, Art. 32 GDPR |
| 2019-04-04 | Company in the financial sector | €80K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | Articles: Art. 5 GDPR, Art. 32 GDPR |
| 2020-09-30 | Azienda Ospedaliera di Rilievo Nazionale 'Antonio Cardarelli' (Private Hospital) | €80K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 13 GDPR, Art. 28 GDPR, Art. 32 GDPR |
| 2019-07-16 | Life at Parliament View | €80K | GDPR | Information Commissioner | United Kingdom | Non-compliance (Data Breach) | The Company experienced the data breach when it transferred the personal data of 18,610 customers to a partner organization. In doing so, the company allowed anyone to access the personal data because the “Anonymous Authentication” function was switched on. The data breach was active for two years. Articles: Data Protection Act 2018 |
| 2019-10-17 | Unknown | €80K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | Because of insufficient data security mechanisms, a digital publication accidentally disclosed personal health data related to several subjects. Articles: Art. 32 GDPR |
| 2019-07-30 | Unknown | €80K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | Two companies working in finance didn’t follow the procedure when disposing of personal data. Articles: Art. 32 GDPR |
| 2020-07-20 | Orange Espagne S.A.U. | €80K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-11-29 | ING Bank N.V. Amsterdam | €80K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to comply with data processing principles | The Romanian branch of ING Bank N.V. Amsterdam was fined €80,000 for not respecting data protection principles (privacy by design and privacy by default) by not implementing adequate technical measures to ensure the protection of personal data. As a consequence of this, a total of 225,525 had their transactions doubled on debit card payments during the period of 8-10 October 2018. This is one of the bigger fines in Romania, but it’s interesting to note that for similar offenses in other countries fines of several million euros are usually awarded. This again shows that different countries have different approaches to GDPR enforcement. Articles: Art. 25 GDPR |
| 2019-07-16 | Life at Parliament View | €80K | GDPR | Information Commissioner | United Kingdom | Non-compliance (Data Breach) | Articles: Data Protection Act 2018 |
| 2019-07-30 | Unknown | €80K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | Articles: Art. 32 GDPR |
| 2022-11-15 | BANKINTER, S.A. | €80K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | Articles: Art. 5 (1) f) GDPR, Art. 32 (1) GDPR |
| 2019-07-30 | Unknown | €80K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | Articles: Art. 32 GDPR |
| 2019-11-28 | ING Bank N.V. Amsterdam | €80K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to comply with data processing principles | Articles: Art. 25 GDPR |
| 2019-07-30 | Unknown | €80K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | In a digital publication, health data was accidentally published due to inadequate internal control mechanisms. Articles: Art. 32 GDPR |
| 2020-02-14 | Iberdrola Clientes | €80K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | Articles: Art. 6 GDPR |
| 2019-10-17 | Unknown | €80K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | Articles: Art. 32 GDPR |
| 2021-10-04 | Bank Millennium S.A | €78K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Information obligation non-compliance | Articles: Art. 33 (1) GDPR, Art. 34 (1) GDPR |
| 2020-02-03 | Vodafone España, S.A.U. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | Vodafone España signed a contract regarding the transfer of a phone subscription with a third party without the account holder’s knowledge or permission. The account holder received an email from the third party regarding the purchase that was made in his name. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-01-07 | EDP Comercializadora, S.A.U. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | The company was fined because it processed personal data in connection with a gas contract without the applicants’ consent. The investigation revealed that the applicant received an invoice for the supply of natural gas under a contract which they didn’t sign. EDP Comercializadora argued that since the applicant had a contract with another gas company with which EDP Comercializadora had a collaboration agreement, it was justified to process the personal data of the respective individuals. The AEPD, however, ruled that the company was required to receive permission directly from the affected individuals to process personal data. Articles: Art. 6 GDPR |
| 2020-06-15 | Xfera Moviles S.A. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | Articles: Art. 6 GDPR |
| 2020-02-03 | Vodafone España, S.A.U. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | A former customer of the company continued to receive invoice notices even after the contractual obligation between the two parties had ended. The company attributed the unsolicited notices to a technical error. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-11-03 | Burwebs S.L. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | Articles: Art. 5 (1) a), b), e) GDPR, Art. 12 (2) GDPR, Art. 13 GDPR, Art. 25 GDPR, Art. 30 (1) GDPR, Art. 22 (2) LSSI |
| 2020-06-09 | Equifax Iberica, S.L. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | Articles: Art. 15 GDPR |
| 2020-01-07 | EDP España S.A.U. | €75K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | The company was fined because it processed personal data such as name, tax identification number, address and phone number without the consent of the affected individuals. Articles: Art. 6 GDPR |