Search Privacy Fines

Browse and filter privacy enforcement fines worldwide.

← Back to Overview

Regulation

Country

Year

Min Fine (USD)

Sort

2,028 fines found

Total: $8.1B

Date	Company	Fine	Regulation	Authority	Country	Type	Summary
2019-04-08	Private individual	€20K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	Video surveillance was used to monitor employees. Video surveillance was used to monitor employees. Articles: Art. 5 (1) c) GDPR
2022-04-28	Nos s.r.l.s.	€20K	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to comply with data processing principles	-- Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 13 GDPR, Art. 14 GDPR
2021-12-13	Elektro & Automasjon Systemer AS	€20K	GDPR	Norwegian Supervisory Authority (Datatilsynet)	Norway	Failure to comply with data processing principles	-- Articles: Art. 6 (1) f) GDPR
2022-08-05	Cosmopol Security S.p.A.	€20K	GDPR	Italian Data Protection Authority (Garante)	Italy	Non-compliance with subjects' rights protection safeguards	-- Articles: Art. 12 (3) GDPR, Art. 15 GDPR
2022-06-16	Deutsche Bank S.p.A.	€20K	GDPR	Italian Data Protection Authority (Garante)	Italy	Non-cooperation with Data Protection Authority	-- Articles: Art. 12 (3) GDPR, Art. 15 GDPR
2019-02-05	Not available	€20K	GDPR	Portuguese Data Protection Authority (CNPD)	Portugal	Non-compliance with lawful basis for data processing	-- Articles: Art. 15 GDPR
2022-08-25	Recover AS	€20K	GDPR	Norwegian Supervisory Authority (Datatilsynet)	Norway	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 (1) e) GDPR
2021-06-07	Master Distancia S.A.	€20K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 6 (1) GDPR
2018-12-01	Unknown	€20K	GDPR	Data Protection Authority of Hamburg	Germany	Information obligation non-compliance	-- Articles: Art. 83 (4) a) GDPR, Art. 33 (1) GDPR, Art. 34 (1) GDPR
2022-10-03	PIRAEUS BANK S.A.	€20K	GDPR	Hellenic Data Protection Authority (HDPA)	Greece	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 13 GDPR
2022-08-19	Medical Laboratory	€20K	GDPR	Belgian Data Protection Authority (APD)	Belgium	Failure to comply with data processing principles	-- Articles: Art. 5 (1) f) GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 32 GDPR, Art. 35 (1), (3) GDPR
2020-11-23	Burgo Group, S.p.A	€20K	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to comply with data processing principles	-- Articles: Art. 5 GDPR, Art. 13 GDPR
2020-10-29	Gaypa s.r.l.	€20K	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to comply with data processing principles	-- Articles: Art. 5 (1) a), c), e) GDPR, Art. 12 GDPR, Art. 13 GDPR
2022-12-01	Amazon Italia Logistica s.r.l.	€20K	GDPR	Italian Data Protection Authority (Garante)	Italy	Non-compliance with subjects' rights protection safeguards	-- Articles: Art. 12 GDPR, Art. 15 GDPR
2022-11-21	ING BANK NV Amsterdam Sucursala București	€20K	GDPR	Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)	Romania	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 32 (1), (2) GDPR
2018-12-01	Unknown	€20K	GDPR	Data Protection Authority of Hamburg	Germany	Information obligation non-compliance	A data breach was not notified in time and the affected subjects were not made a... A data breach was not notified in time and the affected subjects were not made aware. Articles: Art. 83 (4) a) GDPR, Art. 33 (1) GDPR, Art. 34 (1) GDPR
2019-01-01	https://datenschutz-hamburg.de/assets/pdf/28._Taetigkeitsbericht_Datenschutz_2019_HmbBfDI.pdf	€20K	GDPR	Data Protection Authority of Hamburg	Germany	Failure to implement sufficient measures to ensure information security	HVV GmbH had not reported a data breach to the data protection authority in due ... HVV GmbH had not reported a data breach to the data protection authority in due time. This data breach was related to the security gap in the Customer E-Service, in that that clients with an HVV card who logged in the CES could access the data of other customers by changing the URL to match their data profile. Articles: Art. 33 GDPR, Art. 34 GDPR
2022-09-06	MUXERS CONCEPT, S.L.	€20K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 GDPR
2022-05-12	Bazar di Hu Xiaoyan	€20K	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to comply with data processing principles	-- Articles: Art. 5 GDPR, Art. 13 GDPR, Art. 114 Codice della privacy
2020-10-26	Università Campus Bio-medico di Roma (Polyclinic)	€20K	GDPR	Italian Data Protection Authority (Garante)	Italy	--	-- Articles: Art. 5 (2) a), f) GDPR, Art. 9 GDPR
2021-06-07	Radiotelevision del principado de Asturias	€20K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) c) GDPR, Art. 12 GDPR
2020-11-25	Gnosjo Municipality	€20K	GDPR	Data Protection Authority of Swedenlop	Sweden	Failure to comply with data processing principles	-- Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 13 GDPR, Art. 35 GDPR, Art. 36 GDPR
2020-01-01	Unknown	€19K	GDPR	Czech Data Protection Authority (UOOU)	Czech Republic	Multiple	-- Articles: Art. 5 (1) a) GDPR, Art. 6 (1) GDPR, Art. 12 (2), (3), Art. 15 GDPR, Art. 16 GDPR, Art. 17 GDPR, Art. 18 GDPR, Art. 19 GDPR, Art. 20 GDPR, Art. 21 GDPR, Art. 22 GDPR
2021-01-05	Unknown	€19K	GDPR	Polish National Personal Data Protection Office (UODO)	Poland	Failure to notify DPA of a data breach	-- Articles: Art. 34 (1), (2) GDPR, Art. 58 (2) e) GDPR
2020-12-04	Towarzystwo Ubezpieczeń i Reasekuracji WARTA S.A.	€19K	GDPR	Polish National Personal Data Protection Office (UODO)	Poland	Failure to notify DPA of a data breach	-- Articles: Art. 33 (1) GDPR, Art. 34 (1) GDPR

PreviousPage 31 of 82Next