Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2023-02-28 | GRUP NORCONSULTING, S.L. | €15K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 15 GDPR, Art. 17 GDPR |
| 2020-08-04 | Mapei S.p.A | €15K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 15 GDPR, Art. 17 GDPR |
| 2021-06-03 | PURPLE SEA MΟΝΟΠΡΟΣΩΠΗ ΙΚΕ | €15K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), b) GDPR, Art. 5 (2) GDPR |
| 2022-05-16 | Arbeidstilsynet | €15K | GDPR | Norwegian Supervisory Authority (Datatilsynet) | Norway | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) e) GDPR |
| 2022-01-13 | Azienda sanitaria unica regionale Marche | €14K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR, Art. 35 GDPR |
| 2020-03-10 | Gladsaxe Municipality | €14K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | A computer that belonged to the administration of the municipality was stolen. T...A computer that belonged to the administration of the municipality was stolen. The computer was not encrypted and it included the personal identification numbers of 20,620 residents. Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2019-12-10 | Hora Credit IFN SA | €14K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Non-compliance with lawful basis for data processing | Three fined were issued on Hora Credit IFN SA because personal data of an indivi...Three fined were issued on Hora Credit IFN SA because personal data of an individual was transmitted through email to a third party. The following investigation revealed that the company processed personal data without any means to validate the accuracy and authenticity of the data collected and processed. The operator also did not employ enough technical and organizational measures to protect the collected personal data. The case was made worse by the fact that the company did not notify the ANSPDCP after the data breach was discovered, as required by the law. The three fined issued were of €3,000, €10,000 and €1,000 for all the three issues of non-compliance discovered by the ANSPDCP. Articles: Art. 5 GDPR, Art. 25 GDPR, Art. 32 GDPR, Art. 33 GDPR |
| 2020-03-10 | Gladsaxe Municipality | €14K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2019-12-10 | Hora Credit IFN SA | €14K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 25 GDPR, Art. 32 GDPR, Art. 33 GDPR |
| 2019-01-01 | Doctor | €14K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | The data controller could not provide access to personal information to a patien...The data controller could not provide access to personal information to a patient because the dossier could not be identified. The patient complained to the Commissioner about this, and the hospital was fined 5.000 Euros. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-01-01 | Doctor | €14K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-09-25 | Odin Flissenter AS | €14K | GDPR | Norwegian Supervisory Authority (Datatilsynet) | Norway | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2021-10-27 | Car Importer | €14K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information | Hungary | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1), (2) GDPR, Art. 6 (1) GDPR, Art. 12 (1) GDPR, Art. 13 GDPR |
| 2022-03-02 | Company | €14K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information | Hungary | Failure to comply with data processing principles | --Articles: Art. 5 (2) GDPR, Art. 6 (1) GDPR, Art. 12 (2) GDPR, Art. 17 (1) b) GDPR |
| 2021-12-16 | Municipality of Frederiksberg | €13K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2021-02-12 | IDdesign A / S (update) | €13K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to comply with data processing principles | --Articles: Art. 5 (1) e) GDPR, Art. 5 (2) GDPR |
| 2022-05-12 | Civilstyrelsen | €13K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR, Art. 33 GDPR |
| 2023-04-04 | Company | €13K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information | Hungary | Insufficient fulfilment of data subjects rights | --Articles: Art. 12 GDPR, Art. 13 GDPR |
| 2021-10-13 | Unknown | €13K | GDPR | National Commission for Data Protection (CNPD) | Luxembourg | Insufficient involvement of data protection officer | --Articles: Art. 38 (1) GDPR, Art. 39 (1) b) GDPR |
| 2020-06-25 | Department of Home Affairs | €13K | GDPR | Information Commissioner of Isle of Man | Isle of Man | Failure to comply with processing principles | --Articles: Art. 12 GDPR, Art. 15 GDPR |
| 2019-04-25 | Sports association | €13K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2019-04-25 | Sports association | €13K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-compliance with lawful basis for data processing | The sports association published personal data related to judges who had receive...The sports association published personal data related to judges who had received judicial licenses online. Moreover, the exact addresses and PESEL numbers of these judges became public. As the sports association acted outside the law, fines were in order. However, there were mitigating circumstances in that the sports association immediately noticed its mistakes and attempted to remove the data from the public domain. Still, these attempts were ineffective, and a penalty was issued. The 585 judges had suffered no damage because of this, so the penalty was adjusted by the president of the Office of Competition and Consumer Protection. Articles: Art. 6 GDPR |
| 2023-05-04 | Political party | €13K | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |
| 2020-05-22 | Unknown Company | €13K | GDPR | Deputy Data Protection Ombudsman | Finland | Failure to comply with data processing principles | --Articles: Art. 5 GPDR, Art. 6 GDPR |
| 2021-01-01 | Energy Supplier | €13K | GDPR | Data Protection Authority of Saxony | Germany | Unknown | --Articles: Unknown |