Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2019-04-05 | Political Party - Undisclosed | €34K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Information obligation non-compliance | --Articles: Art. 33 (1) GDPR, Art. 33 (5) GDPR, Art. 34 (1) GDPR |
| 2021-06-15 | Huppuis ehf | €34K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) GDPR, Art. 12 (1) GDPR, Art. 13 (1), (2) GDPR |
| 2022-09-28 | BAYARD REVISTAS, S.A. | €31K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR, Art. 33 GDPR |
| 2022-08-02 | Krokatjønnvegen 15 AS | €30K | GDPR | Norwegian Supervisory Authority (Datatilsynet) | Norway | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2021-12-02 | Ica s.r.l. | €30K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2022-06-23 | RADIO TELEVISION MADRID, S.A. | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2022-06-23 | CORPORACION DE RADIO Y TELEVISION ESPANOLA, S.A. | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2022-08-03 | Private Polyclinic and Diagnostic Centre of Pyle Axiou | €30K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR |
| 2019-11-14 | Telefónica SA | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | A person was charged by the phone operator Telefónica for a telephone service th...A person was charged by the phone operator Telefónica for a telephone service that they never requested and owned. This happened because the bank account of the affected person was linked to the Telefónica profile of another person and as such the fees for the service were deduced from the affected person’s account. The AEDP ruled that this was against the principles described by article 5 of GDPR. Articles: Art. 5 GDPR |
| 2023-03-23 | Bolzano Municipality | €30K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 25 GDPR, Art. 32 GDPR, Art. 33 GDPR |
| 2021-01-14 | Azienda sanitaria provinciale di Enna | €30K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR |
| 2019-10-01 | Vueling Airlines | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2021-12-31 | INFO COMMUNICATION SERVICES | €30K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Information obligation non-compliance | --Articles: Art. 13 GDPR, Art. 14 GDPR, Art. 11 Law 3471/2006 |
| 2023-02-02 | Piraeus Bank | €30K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), f) GDPR, Art. 33 GDPR, Art. 34 GDPR |
| 2020-02-14 | Xfera Moviles S.A. | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | The Spanish Data Protection Authority determined that a customer of the company ...The Spanish Data Protection Authority determined that a customer of the company had access to the personal data of other customers. Articles: Art. 32 GDPR |
| 2022-12-15 | ORANGE ESPAGNE, S.A.U. | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) GDPR |
| 2019-01-01 | Vodafone Espana, S.A.U. | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2020-11-17 | Provincial Health Authority of Cosenza | €30K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 9 GDPR |
| 2019-06-24 | Vodafone Espana | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | The personal data of a customer was disclosed to a different customer through SM...The personal data of a customer was disclosed to a different customer through SMS. The original fine of €50,000 was reduced to €20,000. Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2020-01-23 | Azienda Ospedaliero Universitaria Integrata di Verona (Hospital) | €30K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2022-07-19 | DO VALUE GREECE LOANS & CREDITS CLAIM MANAGEMENT S.A. | €30K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 5 (2) GDPR, Art. 6 GDPR, Art. 12 (2) GDPR |
| 2020-03-18 | Telefonica | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-cooperation with Data Protection Authority | --Articles: Art. 58 GDPR |
| 2020-11-03 | Vodafone España, SAU | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-02-15 | ΛΙΜΕΝΟΣ ΗΡΑΚΛΕΙΟΥ Α.Ε. | €30K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 (1), (2) GDPR, Art. 15 (1) GDPR |
| 2019-06-24 | Vodafone Espana | €30K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |