Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2019-07-31 | Private individual (football coach) | €11K | GDPR | Austrian Data Protection Authority (DSB) | Austria | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2022-05-03 | HEI – Medical Travel | €11K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 15 (1), (3) GDPR, Art. 9 (1) Act 90/2018, Art. 17 (2) Act 90/2018 |
| 2021-01-01 | Car trading group | €10K | GDPR | Data Protection Authority of Hamburg | Germany | Unknown | --Articles: Unknown |
| 2021-07-27 | PERSONAL MARK, S.L. | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 17 GDPR |
| 2022-08-22 | Enel Energie Muntenia S.A. | €10K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information | --Articles: Art. 32 GDPR |
| 2022-06-09 | Cribis Credit Management s.r.l. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 GDPR |
| 2022-02-10 | Scanshare S.r.l. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 28 (2) GDPR, Art. 32 GDPR |
| 2019-09-19 | Merchant | €10K | GDPR | Belgian Data Protection Authority (APD) | Belgium | Failure to comply with data processing principles | A merchant was found guilty of trying to create a customer card using an electro...A merchant was found guilty of trying to create a customer card using an electronic identity card. In doing so, the merchant would have needed access to personal information on the electronic identity card, including photo and barcode. The fine was 10.000 euros. Articles: Art. 5 (1) c) GDPR |
| 2022-06-09 | Private Individual | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2022-04-02 | Εκδοτικού Οίκου Δίας | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-12-02 | Ikea Ibérica | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | Ikea Ibérica was found to have installed cookies on a customer’s device wi...Ikea Ibérica was found to have installed cookies on a customer’s device without asking for permission. Articles: Art. 6 GDPR |
| 2022-03-10 | Alfa Shipyard s.r.l. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-cooperation with Data Protection Authority | --Articles: Art. 58 (2) GDPR |
| 2022-10-20 | Italian Archery Federation (FITARCO) | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 GDPR, Art. 10 GDPR, Art. 2-ter Codice della privacy, Art. 2-octies Codice della privacy |
| 2020-01-15 | Francavilla Fontana | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | The local community of Francavilla Fontana published online the details of an on...The local community of Francavilla Fontana published online the details of an ongoing court trial that included personal information such as health data of several individuals. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2023-04-04 | Real Federacion Espanola de Tenis de Mesa | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Insufficient fulfilment of information obligations | --Articles: Art. 9 (2) GDPR |
| 2020-01-07 | Asociación de Médicos Demócratas | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | The organization processed personal data of its members even after the AEPD warn...The organization processed personal data of its members even after the AEPD warned it that the processing was unlawful without the consent of the affected individuals. Articles: Art. 6 GDPR |
| 2023-03-15 | Alianța pentru Unirea Românilor | €10K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 5 (2) GDPR |
| 2022-04-28 | Italian Ministry of Defense | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 10 GDPR, Art. 2-ter Codice della privacy, Art. 2-sexies Codice della privacy, Art. 2-octies Codice della privacy |
| 2023-03-23 | Informatica Alto Adige Spa | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2020-08-10 | Cavauto S.R.L. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 7 GDPR |
| 2020-12-09 | Unknown | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR |
| 2022-09-15 | Bper Banca S.p.A. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 GDPR |
| 2022-11-10 | I-Model s.r.l. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR, Art. 17 GDPR |
| 2020-07-23 | El Periódico de Catalunya, S.L.U. | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2021-01-27 | City of Rome | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) c), e) Art. 6 (2) GDPR, Art. 6 (3) b) GDPR GDPR, Art. 2-ter (1), (3) Codice della privacy |