Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2019-10-01 | Town of Kerepes | €15K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Non-compliance with lawful basis for data processing | The Hungarian National Authority for Data Protection and the Freedom of Informat...The Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) concluded that the local authority of the city of Kerepes didn’t follow GDPR regulations when it installed a security camera. The Authority explained that the processing of the data was not in accordance with provisions of the GDPR. Articles: Art. 6 (1) GDPR |
| 2020-08-04 | Mapei S.p.A | €15K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 15 GDPR, Art. 17 GDPR |
| 2020-12-15 | HH Invest SIA | €15K | GDPR | Data State Inspectorate (DSI) | Latvia | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 13 GDPR |
| 2020-07-02 | Mapei S.p.A. | €15K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 15 GDPR |
| 2020-03-09 | Gesthotel Activos Balagares | €15K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | The complainant explained that they had sent a letter to the management of the h...The complainant explained that they had sent a letter to the management of the hotel and union delegates that contained information related to an episode of alleged harassment in relation to a medical condition. The hotel management then read the contents of the letter in a meeting with other employees. This constituted a violation of the principle of integrity and confidentiality. Articles: Art. 5 (1) f) GDPR |
| 2019-07-02 | World Trade Center Bucharest SA | €15K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2022-12-30 | A&G Couriers Limited T/A Fastway Couriers (Ireland) | €15K | GDPR | Data Protection Authority of Ireland | Ireland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 (1) GDPR |
| 2022-01-18 | Garlex Solutions, S.L. | €15K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 GDPR |
| 2020-01-13 | Allseas Marine S.A. | €15K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Non-compliance with lawful basis for data processing | The company unlawfully introduced a video surveillance system at the workplace t...The company unlawfully introduced a video surveillance system at the workplace to monitor employee activity. The Hellenic Data Protection Authority (HDPA) argued that the installation of the system was unlawful because the employees were not notified of the existence of the system. Articles: Art. 5 (1) a), (2) GDPR |
| 2020-10-21 | Vilnius City Municipality Administration | €15K | GDPR | Lithuanian Data Protection Authority (VDAI) | Lithuania | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) d) GDPR, Art. 5 (1) f) GDPR |
| 2022-07-26 | TELEFONICA MOVILES ESPANA, S.A.U. | €15K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |
| 2020-01-13 | Allseas Marine S.A. | €15K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a), (2) GDPR |
| 2019-12-17 | Legal information wesbite | €15K | GDPR | Belgian Data Protection Authority (APD) | Belgium | Non-compliance with lawful basis for data processing | A website that provided legal information and news only had its privacy policy p...A website that provided legal information and news only had its privacy policy page available in English, even though it was also addressing the French and Dutch-speaking markets. Also, the privacy policy page was not easily accessible and did not mention the legal basis for the processing of data, as required by the GDPR. The website also used Google Analytics without effective consent. Articles: Art. 6 GDPR, Art. 12 GDPR, Art. 13 GDPR |
| 2021-06-11 | Unknown | €15K | GDPR | National Commission for Data Protection (CNPD) | Luxembourg | Failure to appoint data protection officer | --Articles: Art. 38 (1), (3) GDPR, Art. 39 (1) a), b) GDPR |
| 2019-12-17 | Legal information wesbite | €15K | GDPR | Belgian Data Protection Authority (APD) | Belgium | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR, Art. 12 GDPR, Art. 13 GDPR |
| 2022-10-06 | Servizio Idrico Integrato S.c.p.a. | €15K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2022-11-10 | Poliambulatorio Radiologico “il Sorriso” S.r.l. | €15K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art, 5 GDPR, Art. 13 GDPR, Art. 37 GDPR |
| 2022-09-09 | School | €15K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), b) GDPR, Art. 5 (2) GDPR, Art. 6 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 30 GDPR |
| 2020-12-01 | Unknown | €15K | GDPR | Belgian Data Protection Authority (APD) | Belgium | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 14 (1), (2) GDPR, Art. 12 (3) GDPR, Art. 6 GDPR, Art. 5 (1) c), (2) GDPR, Art. 24 (1), (2) GDPR |
| 2020-03-09 | Gesthotel Activos Balagares | €15K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR |
| 2020-03-24 | CP&A | €15K | GDPR | Dutch Supervisory Authority for Data Protection (AP) | Netherlands | Failure to implement sufficient measures to ensure information security | --Articles: Art. 9 GDPR, Art. 32 GDPR |
| 2022-04-07 | Rebirth s.r.l. | €15K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 13 GDPR, Art. 114 Codice della privacy, Art. 157 Codice della privacy |
| 2020-07-09 | Proleasing Motors SRL | €15K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2020-10-19 | Social Insurance Services of the Ministry of Labor, Welfare and Social Insurance | €15K | GDPR | Bank of Cyprus Public Company Ltd | Cyprus | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 15 GDPR, Art. 32 GDPR, Art. 33 GDPR |
| 2019-07-02 | World Trade Center Bucharest SA | €15K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | A printed checklist used to verify the attendance of breakfast customers (approx...A printed checklist used to verify the attendance of breakfast customers (approx. 46 clients) was photographed by unauthorized people. As a result, the personal data of those clients was disclosed to the public. The operator working for the hotel was sanctioned because of insufficient security measures. Articles: Art. 32 GDPR |