Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2020-05-22 | Unknown Company | €13K | GDPR | Deputy Data Protection Ombudsman | Finland | Failure to comply with data processing principles | --Articles: Art. 5 GPDR, Art. 6 GDPR |
| 2021-01-01 | Energy Supplier | €13K | GDPR | Data Protection Authority of Saxony | Germany | Unknown | --Articles: Unknown |
| 2022-07-06 | Głównego Geodetę Kraju | €12K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 33 (1) GDPR, Art. 34 (1) GDPR |
| 1970-01-01 | Restaurant | €12K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | The restaurant wanted to sanction an employee using images taken by another empl...The restaurant wanted to sanction an employee using images taken by another employee in the restaurant, to be used as evidence. Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR |
| 2020-10-23 | Recambios Villalegre S.L. | €12K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 GDPR, Art. 13 GDPR |
| -- | ALBERTO FORTE COMPSITE, S.L. | €12K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 35 GDPR |
| 2021-02-04 | Orthodontic Clinic | €12K | GDPR | Dutch Supervisory Authority for Data Protection (AP) | Netherlands | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 (1) GDPR |
| 2022-10-20 | Comune di Salento | €12K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), b), e) GDPR, Art. 6 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 15 GDPR, Art. 30 GDPR |
| 2022-10-14 | SEAN SERIOS S.L. | €12K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |
| 2021-12-08 | Unknown | €12K | GDPR | Belgian Data Protection Authority (APD) | Belgium | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 (3) GDPR, Art. 14 (1), (2), (3) GDPR, Art. 15 GDPR, Art. 17 (1) c) GDPR, Art. 21 (2) GDPR |
| 2022-05-22 | Comune di Napoli Corpo di Polizia Municipale | €12K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 88 GDPR, Art. 113 Codice della privacy |
| 2019-01-21 | Madrileña Red de Gas | €12K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| -- | Restaurant | €12K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR |
| 2019-01-21 | Madrileña Red de Gas | €12K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | The gas company did not have the necessary technical measures in place to verify...The gas company did not have the necessary technical measures in place to verify the identity of the subjects’ data. It was alleged by a third party that the company emailed their information to a third party in regards to a request. Articles: Art. 32 GDPR |
| 2020-07-10 | Vodafone Espana, SAU | €12K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 5 GDPR |
| 2021-10-18 | HIV Scotland | €12K | GDPR | Information Commissioner (ICO) | United Kingdom | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 32 (1), (2) GDPR |
| 2019-09-03 | Commercial representative of telecommunication service provider | €12K | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR |
| 2019-09-03 | Commercial representative of telecommunication service provider | €12K | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Non-compliance with lawful basis for data processing | A fine of €11,760 was issued on the commercial representative of a national tele...A fine of €11,760 was issued on the commercial representative of a national telecommunications provider due to the unlawful processing of the personal data of a client. The commercial representative unlawfully processed the data of a client with the goal of closing a contract for mobile telephoning services. Articles: Art. 6 (1) GDPR |
| 2020-05-12 | Örebro County Health and Medical Board | €11K | GDPR | Data Protection Authority of Sweden | Sweden | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-09-08 | Warsaw University of Life Sciences | €11K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2023-03-01 | Housing Cooperative | €11K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Insufficient fulfilment of data breach notification obligations | --Articles: Art. 33 (1) GDPR, Art. 34 (1) GDPR |
| 2021-09-29 | Territorial Administration of the Government of Genoa | €11K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) c), e) Art. 6 (2) GDPR, Art. 6 (3) b) GDPR GDPR, Art. 2-ter (1), (3) Codice della privacy |
| 2019-11-25 | Fan Courier Express SRL | €11K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2019-11-25 | Fan Courier Express SRL | €11K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | Fan Courier Express SRL, which is a national courier service, was given an €11,0...Fan Courier Express SRL, which is a national courier service, was given an €11,000 fine because it failed to take appropriate technical and organizational measures to prevent the loss of personal data (name, bank card number, CVV code, cardholder’s address, personal identification number, serial and identity card number, bank account number, authorized credit limit) of over 1100 private individuals. Articles: Art. 32 GDPR |
| 2019-07-31 | Private individual (football coach) | €11K | GDPR | Austrian Data Protection Authority (DSB) | Austria | Non-compliance with lawful basis for data processing | A soccer coach was fined for having covertly filmed female players while they we...A soccer coach was fined for having covertly filmed female players while they were taking showers. This had taken place for many years. Articles: Art. 6 GDPR |