Search Privacy Fines

Browse and filter privacy enforcement fines worldwide.

← Back to Overview

Regulation

Country

Year

Min Fine (USD)

Sort

2,028 fines found

Total: $8.1B

Date	Company	Fine	Regulation	Authority	Country	Type	Summary
2020-12-03	Municipality of Indre Østfold	€19K	GDPR	Norwegian Supervisory Authority (Datatilsynet)	Norway	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 6 GDPR, Art. 32 (1) b) GDPR
2021-10-13	Unknown	€19K	GDPR	National Commission for Data Protection (CNPD)	Luxembourg	Insufficient involvement of data protection officer	-- Articles: Art. 37 (7) GDPR, Art. 38 (1), (2) GDPR, Art. 39 (1) b) GDPR
2020-04-29	National Government Service Centre (NGSC)	€19K	GDPR	Data Protection Authority of Sweden	Sweden	Insufficient fulfilment of data breach notification obligations	-- Articles: Art. 33 GDPR, Art. 34 GDPR
2021-10-27	Company	€19K	GDPR	National Commission for Data Protection (CNPD)	Luxembourg	No data protection officer appointed	-- Articles: Art. 37 (7) GDPR, Art. 38 (1), (3) GDPR, Art. 39 (1) b) GDPR
2019-08-20	Skellefteå school	€19K	GDPR	Data Protection Authority of Sweden	Sweden	Non-compliance with lawful basis for data processing	A school attempted to introduce the use of facial recognition software to facili... A school attempted to introduce the use of facial recognition software to facilitate the attendance process of students. The school was ultimately fined because the means used to monitor attendance were disproportionate to the goal itself. Moreover, students and their parents couldn’t freely withdraw consent from being monitored to validate attendance. Furthermore, one case of processing activity presented elevated risks since it involved children dependent on the high-school board. Ultimately, the school didn’t observe Art. 35 of the GDPR. Articles: Art. 5 (1) c) GDPR, Art. 9 GDPR, Art. 35 GDPR, Art. 36 GDPR
2019-08-20	Skellefteå school	€19K	GDPR	Data Protection Authority of Sweden	Sweden	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) c) GDPR, Art. 9 GDPR, Art. 35 GDPR, Art. 36 GDPR
2023-04-04	ENFOKA SISTEMAS GLOBALES, S.L.	€18K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 (1) GDPR
2021-05-31	Unknown	€18K	GDPR	National Commission for Data Protection (CNPD)	Luxembourg	Failure to appoint data protection officer	-- Articles: Art. 38 (1), (2) GDPR, Art. 39 (1) a) GDPR
2021-01-14	Azienda Usl di Bologna	€18K	GDPR	Italian Data Protection Authority (Garante)	Italy	Non-compliance with lawful basis for data processing	-- Articles: Art. 5 (1) f) GDPR, Art. 9 GDPR
2021-09-20	CEDICO	€18K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 5 (1) f) GDPR
2022-05-17	Ramona Films, SL	€18K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-cooperation with Data Protection Authority	-- Articles: Art. 58 (1) GDPR
2023-01-17	Dalarna Region	€18K	GDPR	Data Protection Authority of Sweden	Sweden	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 32 (1) GDPR
2023-04-26	Skåne region	€18K	GDPR	Data Protection Authority of Sweden	Sweden	Failure to implement sufficient measures to ensure information security	-- Articles: Art. 32 (1) GDPR
2022-01-01	Bank of Cyprus Public Company Ltd.	€17K	GDPR	Cypriot Data Protection Commissioner	Cyprus	Failure to comply with data processing principles	-- Articles: Art. 5 (1) f) GDPR, Art. 24 (1) GDPR, Art. 32 GDPR
--	Mercadona S.A.	€17K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 GDPR, Art. 12 GDPR, Art. 15 GDPR
2022-01-01	Covid-19 Test Center	€16K	GDPR	Data Protection Authority of Hessen	Germany	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 (1) GDPR, Art. 33 (1), (5) GDPR
2022-12-15	HOSPITAL RECOLETAS PONFERRADA , S.L.	€16K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 (1) GDPR, Art. 15 GDPR
2020-05-22	Kymen Vesi Oy	€16K	GDPR	Deputy Data Protection Ombudsman	Finland	Non-compliance with lawful basis for data processing	-- Articles: Art. 35 GDPR
2021-10-26	Servicios Logisticos Martorell Siglo XXL, S.L.	€16K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 35 GDPR
2022-04-29	LABORATORIOS GONAZALEZ, S.L.	€16K	GDPR	Spanish Data Protection Authority (AEPD)	Spain	Failure to comply with data processing principles	-- Articles: Art. 5 (1) f) GDPR
2022-05-26	Region of Tuscany	€16K	GDPR	Italian Data Protection Authority (Garante)	Italy	Failure to comply with data processing principles	-- Articles: Art. 5 (1) c) GDPR, Art. 6 (1) c) GDPR, Art. 6 (2) GDPR, Art. 6 (3) b) GDPR, Art. 2-ter (1), (3) Codice della privacy
2021-10-27	Unknown	€15K	GDPR	National Commission for Data Protection (CNPD)	Luxembourg	Failure to appoint data protection officer	-- Articles: Art. 38 (1), (3) GDPR, Art. 39 (1) a), b) GDPR
2019-06-25	Budapest Police Command	€15K	GDPR	Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)	Hungary	Information obligation non-compliance	The data controllers didn’t exert sufficient rigorousness when handling personal... The data controllers didn’t exert sufficient rigorousness when handling personal client data, which led to the displacement of a flash memory stick with personal data. Articles: Art. 33 GDPR
2019-06-25	Budapest Police Command	€15K	GDPR	Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)	Hungary	Information obligation non-compliance	-- Articles: Art. 33 GDPR
2019-10-01	Town of Kerepes	€15K	GDPR	Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)	Hungary	Non-compliance with lawful basis for data processing	-- Articles: Art. 6 (1) GDPR

PreviousPage 32 of 82Next