Search Privacy Fines

Browse and filter privacy enforcement fines worldwide.

← Back to Overview

Regulation

Country

Year

Min Fine (USD)

Sort

2,028 fines found

Total: $8.1B

Date	Company	Fine	Regulation	Authority	Country	Type	Summary
2020-09-01	Telefónica Móviles España, SAU	€75K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 5 GDPR, Art. 6 GDPR
2020-01-07	EDP España S.A.U.	€75K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	The company was fined because it processed personal data such as name, tax ident... The company was fined because it processed personal data such as name, tax identification number, address and phone number without the consent of the affected individuals. Articles: Art. 6 GDPR
2020-11-05	Telefonica Moviles Espana, S.A.U.	€75K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 5 GDPR, Art. 6 GDPR
2020-01-07	EDP España S.A.U.	€75K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 GDPR
2021-12-16	Bank	€75K	GDPR	Belgian Data Protection Authority (APD)	Belgium	Insufficient involvement of data protection officer	-- Articles: Art. 38 (6) GDPR
2019-11-28	Curenergía Comercializador de último recurso	€75K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 GDPR
2021-02-11	Ministero dello Sviluppo Economico	€75K	GDPR	Italian Data Protection Authority (Garante)	Italy	Multiple	-- Articles: Art. 5 (1) a), b), c) GDPR, Art. 6 (1) c), e) GDPR, Art. 6 (2) GDPR, Art. 6 (3) b) GDPR, Art. 37 (1), (7) GDPR
2021-12-29	Greek Ministry of Tourism	€75K	GDPR	Hellenic Data Protection Authority (HDPA)	Greece	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 13 GDPR, Art. 32 GDPR, Art. 33 GDPR, Art. 37 GDPR
2019-11-28	Curenergía Comercializador de último recurso	€75K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	A private individual complained that the company had used their personal data th... A private individual complained that the company had used their personal data that included their first and last name, address and VAT number in order to open an electricity supply contract. The individual was a former customer of the company, and as such the company was not allowed anymore to reuse the former customer’s data without their permission. Articles: Art. 6 GDPR
2022-11-03	Burwebs S.L.	€75K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 5 (1) a), b), e) GDPR, Art. 12 (2) GDPR, Art. 13 GDPR, Art. 25 GDPR, Art. 30 (1) GDPR, Art. 22 (2) LSSI
2020-02-03	Vodafone España, S.A.U.	€75K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 GDPR, Art. 6 GDPR
2021-01-27	Unknown	€75K	GDPR	French Data Protection Authority (CNIL)	France	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 32 GDPR
2020-05-16	Tusla	€75K	GDPR	Data Protection Authority of Ireland	Ireland	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 GDPR, Art. 6 GDPR
2020-06-09	Equifax Iberica, S.L.	€75K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with subjects' rights protection safeguards	-- Articles: Art. 15 GDPR
2020-01-07	EDP Comercializadora, S.A.U.	€75K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 GDPR
2020-07-23	Telefónica Móviles España, SAU	€75K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 5 GDPR, Art. 6 GDPR
2019-02-26	Rælingen Municipality	€74K	GDPR	Norwegian Supervisory Authority (Datatilsynet)	Norway	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR
2022-10-05	Bank	€73K	GDPR	Hungarian National Authority for Data Protection and the Freedom of Information	Hungary	Failure to comply with data processing principles	-- Articles: Art. 5 (2) GDPR, Art. 6 (1) GDPR, Art. 12 (1) GDPR
2020-05-29	Taksi Helsinki	€72K	GDPR	Deputy Data Protection Ombudsman	Finland	Failure to comply with processing principles	-- Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 35 GDPR
2020-12-17	University College Dublin	€70K	GDPR	Data Protection Authority of Ireland	Ireland	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 5 (1) e), f) GDPR, Art. 32 (1) GDPR, Art. 33 (1) GDPR
2022-05-26	Azienda sanitaria universitaria Friuli Centrale	€70K	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to comply with data processing principles	-- Articles: Art. 5 (1) a), f) GDPR, Art. 9 GDPR, Art. 25 GDPR, Art. 32 GDPR
2019-10-25	LGS Handling Ltd	€70K	GDPR	Cypriot Data Protection Commissioner	Cyprus	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 GDPR, Art. 9 GDPR
2022-04-28	Ospedale San Raffaele s.r.l.	€70K	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to comply with data processing principles	-- Articles: Art. 5 (1) f) GDPR, Art. 9 GDPR
2019-10-25	LGS Handling Ltd	€70K	GDPR	Cypriot Data Protection Commissioner	Cyprus	Non-compliance with lawful basis for data processing	The national data protection authority determined that the company used the Brad... The national data protection authority determined that the company used the Bradford factor for profiling and monitoring sick leave and that this constituted unlawful processing of personal data. Articles: Art. 6 GDPR, Art. 9 GDPR
2023-03-23	Orange Espagne S.A.U.	€70K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 (1) GDPR

PreviousPage 16 of 82Next