Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2019-10-09 | Vreau Credit SRL | €20K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | The Company sent personal information through the WhatsApp platform to Raiffeise...The Company sent personal information through the WhatsApp platform to Raiffeisen Bank in order to facilitate the assessment of personal scores. The results were returned on the same platform. Articles: Art. 32 GDPR, Art. 33 GDPR |
| 2022-11-10 | Sporitalia | €20K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 9 GDPR, Art. 13 GDPR, Art. 30 (1) c) GDPR |
| 2022-05-12 | Bazar di Hu Xiaoyan | €20K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 13 GDPR, Art. 114 Codice della privacy |
| 2022-10-03 | NATIONAL BANK OF GREECE S.A. | €20K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to implement sufficient measures to ensure information security | --Articles: Art. 13 GDPR |
| 2022-10-03 | EUROBANK ERGASIAS S.A. | €20K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to implement sufficient measures to ensure information security | --Articles: Art. 13 GDPR |
| 2018-11-21 | Knuddels.de | €20K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Failure to implement sufficient measures to ensure information security | A hack revealed the personal data that included email addresses and passwords of...A hack revealed the personal data that included email addresses and passwords of around 330,000 users. Articles: Art. 32 GDPR |
| 2019-10-18 | Wind Hellas Telecommunications | €20K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Non-compliance with subjects' rights protection safeguards | The company ignored objections voiced by the affected parties regarding advertis...The company ignored objections voiced by the affected parties regarding advertising and marketing calls. Articles: Art. 21 GDPR |
| 2020-02-06 | RTI - Reti Televisive Italiane s.p.a. | €20K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-10-18 | Wind Hellas Telecommunications | €20K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 21 GDPR |
| 2021-12-16 | FCA Italy s.p.a. | €20K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 GDPR |
| 2021-01-05 | Nestor SAS | €20K | GDPR | French Data Protection Authority (CNIL) | France | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 GDPR, Art. 13 GDPR |
| 2022-10-03 | ALFA BANK, S.A. | €20K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to implement sufficient measures to ensure information security | --Articles: Art. 13 GDPR |
| 2019-02-05 | Not available | €20K | GDPR | Portuguese Data Protection Authority (CNPD) | Portugal | Non-compliance with lawful basis for data processing | Not available.Not available. Articles: Art. 15 GDPR |
| 2021-11-30 | DAVISER SERVICIOS, S.L. | €20K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2020-11-23 | Burgo Group, S.p.A | €20K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 13 GDPR |
| 2020-11-26 | Concentrix Cvg Italy s.r.l. | €20K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) b), c) GDPR, Art. 9 (1) b) GDPR |
| 2019-01-01 | https://datenschutz-hamburg.de/assets/pdf/28._Taetigkeitsbericht_Datenschutz_2019_HmbBfDI.pdf | €20K | GDPR | Data Protection Authority of Hamburg | Germany | Failure to implement sufficient measures to ensure information security | --Articles: Art. 33 GDPR, Art. 34 GDPR |
| 2019-11-29 | SC CNTAR TAROM SA | €20K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | A fine of €20,000 was issued to the Romanian national airline Tarom because it f...A fine of €20,000 was issued to the Romanian national airline Tarom because it failed to implement the necessary technical measures to ensure the security of personal information. As a consequence of these inadequate measures, a Tarom employee was able to access the flight booking application without authorization and see the personal data of 22 passengers, after which the employee took a photo of the list and made it public online. Articles: Art. 32 GDPR |
| 2020-10-29 | Gaypa s.r.l. | €20K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), c), e) GDPR, Art. 12 GDPR, Art. 13 GDPR |
| 2022-04-28 | Nos s.r.l.s. | €20K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 13 GDPR, Art. 14 GDPR |
| 2020-02-03 | Iberia Lineas Aereas | €20K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 21 GDPR |
| 2019-04-08 | Private individual | €20K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) c) GDPR |
| 2019-04-12 | SC CNTAR TAROM SA | €20K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2019-04-08 | Private individual | €20K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | Video surveillance was used to monitor employees.Video surveillance was used to monitor employees. Articles: Art. 5 (1) c) GDPR |
| 2022-04-07 | Made in Italy s.r.l.s. | €20K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR, Art. 7 GDPR, Art. 15 GDPR, Art. 17 GDPR, Art. 21 GDPR, Art. 130 (3) Codice della privacy, Art. 157 Codice della privacy, Art. 166 (2) Codice della privacy |