Search Privacy Fines

Browse and filter privacy enforcement fines worldwide.

← Back to Overview

Regulation

Country

Year

Min Fine (USD)

Sort

2,028 fines found

Total: $8.1B

Date	Company	Fine	Regulation	Authority	Country	Type	Summary
2023-03-23	Orange Espagne S.A.U.	€70K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 (1) GDPR
2022-10-31	BANCO BILBAO VIZCAYA ARGENTARIA, S.A.	€70K	GDPR	Slovak Data Protection Office	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) b) GDPR, Art. 5 (1) f) GDPR, Art. 32 GDPR
2023-03-21	CAIXABANK PAYMENTS & CONSUMER EFC, EP, S.A.U.	€70K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 (1) GDPR
2022-06-16	Unicredit S.p.A.	€70K	GDPR	Italian Data Protection Authority (Garante)	Italy	Non-compliance with subjects' rights protection safeguards	-- Articles: Art. 12 GDPR, Art. 15 GDPR
2022-11-03	UNITED PARCEL SERVICE ESPANA LTD Y COMPANIA SRC	€70K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR
2023-04-24	Telefonica Moviles Espana, S.A.U.	€70K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 (1) GDPR
2022-05-26	Azienda sanitaria universitaria Friuli Centrale	€70K	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to comply with data processing principles	-- Articles: Art. 5 (1) a), f) GDPR, Art. 9 GDPR, Art. 25 GDPR, Art. 32 GDPR
2021-10-19	Vodafone Espana, S.A.U.	€70K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with subjects' rights protection safeguards	-- Articles: Art. 21 GDPR, Art. 21 LSSI
2022-04-28	Ospedale San Raffaele s.r.l.	€70K	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to comply with data processing principles	-- Articles: Art. 5 (1) f) GDPR, Art. 9 GDPR
2022-02-01	ORANGE ESPANA VIRTUAL, S.L.	€70K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) f) GDPR
2021-07-16	Region of Syddanmark	€68K	GDPR	Danish Data Protection Authority (Datatilsynet)	Denmark	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 32 GDPR
2022-07-24	SIRIUS (law firm)	€67K	GDPR	Spanish Data Protection Authority (AEPD)	Denmark	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 32 GDPR
2021-09-17	Syddanmark Region	€67K	GDPR	Danish Data Protection Authority (Datatilsynet)	Denmark	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 32 GDPR
2020-08-18	Cork University Maternity Hospital	€65K	GDPR	Data Protection Authority of Ireland	Ireland	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 5 GDPR, Art. 32 GDPR
2020-01-01	Company	€65K	GDPR	Data Protection Authority of Niedersachsen	Germany	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 32 GDPR
2022-01-17	C-Planet (IT Solutions) Limited	€65K	GDPR	Data Protection Commissioner of Malta	Malta	Many	-- Articles: Art. 5 (1) f) GDPR, Art. 6 (1) GDPR, Art. 9 (1), (2) GDPR, Art. 14 GDPR, Art. 32 GDPR, Art. 33 GDPR, Art. 34 GDPR
2021-06-07	Voice Integrate Nordic AB	€65K	GDPR	Data Protection Authority of Sweden	Sweden	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 32 GDPR
2021-10-26	Vodafone Espana, S.A.U.	€64K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 6 (1) GDPR
2022-10-09	EVERIS SPAIN S.L.	€64K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR
2019-05-16	UAB MisterTango	€62K	GDPR	Lithuanian Data Protection Authority (VDAI)	Lithuania	Failure to implement sufficient measures to ensure information security and information obligation non-compliance	The data controllers had overextended his authority to collect unwarranted infor... The data controllers had overextended his authority to collect unwarranted information about the clients. Moreover, a data breach took place from 09-10 July 2018, when payment data was made available on the internet. Moreover, the data controllers had not reported the data breach. Articles: Art. 5 GDPR, Art. 32 GDPR, Art. 33 GDPR
2019-05-16	UAB MisterTango	€62K	GDPR	Lithuanian Data Protection Authority (VDAI)	Lithuania	Failure to implement sufficient measures to ensure information security and information obligation non-compliance	-- Articles: Art. 5 GDPR, Art. 32 GDPR, Art. 33 GDPR
2020-09-30	Scanshare s.r.l.	€60K	GDPR	Italian Data Protection Authority (Garante)	Italy	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 32 GDPR
2020-09-22	GLP Instalaciones 86, SL	€60K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 5 GDPR, Art. 6 GDPR
2021-03-16	Vodafone Espana	€60K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 6 (1) GDPR
2020-02-03	Vodafone España, S.A.U.	€60K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	A customer complained that the company had processed their personal data without... A customer complained that the company had processed their personal data without their consent because an email was sent to them on behalf of a company regarding the purchase of a service that was actually not bought by the respective individual. The personal details of the individuals were incorporated into Vodafone España’s systems without the consent of that individual. Initially, the fine was determined to be €100,000 but was reduced to €60,000. Articles: Art. 5 GDPR, Art. 6 GDPR

PreviousPage 17 of 82Next