Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2022-02-10 | Scanshare S.r.l. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 28 (2) GDPR, Art. 32 GDPR |
| 2022-03-10 | Azienda USL Toscana Centro | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), f) GDPR, Art. 9 GDPR, Art. 32 GDPR |
| 2021-03-03 | Cypriot Real Estate Registration Authority | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 GDPR, Art. 15 GDPR, Art. 31 GDPR, Art. 58 (1) e) GDPR |
| 2021-12-17 | ASL Latina | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 6 GDPR, Art. 9 GDPR |
| 2022-05-26 | Afragola Municipality | €10K | GDPR | ita | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), c) GDPR, Art. 12 (3), (4) GDPR, Art. 2-ter Codice della privacy |
| 2022-04-02 | Εκδοτικού Οίκου Δίας | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2023-02-02 | Vodafone | €10K | GDPR | Hellenic Data Protection Authority (HDPA) | Greece | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), b) GDPR, Art. 6 (1), (4) GDPR, Art. 13 GDPR |
| 2019-03-21 | Unknown | €10K | GDPR | Czech Data Protection Auhtority (UOOU) | Czech Republic | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) GDPR |
| 2023-04-04 | Real Federacion Espanola de Tenis de Mesa | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Insufficient fulfilment of information obligations | --Articles: Art. 9 (2) GDPR |
| 2020-01-15 | Francavilla Fontana | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-10-20 | Italian Archery Federation (FITARCO) | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 GDPR, Art. 10 GDPR, Art. 2-ter Codice della privacy, Art. 2-octies Codice della privacy |
| 2020-12-17 | Comune di Luino | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Multiple | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) c), e) GDPR, Art. 6 (2) GDPR, Art. 6 (3) b) GDPR, Art. 37 (1) a) GDPR, Art. 37 (7) GDPR |
| 2019-10-25 | Louis Travel Ltd | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | The national data protection authority determined that the company used the Brad...The national data protection authority determined that the company used the Bradford factor for profiling and monitoring sick leave and that this constituted unlawful processing of personal data. Articles: Art. 6 GDPR, Art. 9 GDPR |
| 2021-07-27 | PERSONAL MARK, S.L. | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 17 GDPR |
| 2023-03-23 | Informatica Alto Adige Spa | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2019-10-25 | Louis Travel Ltd | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR, Art. 9 GDPR |
| 2022-02-10 | Region of Tuscany | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 2-ter Codice della privacy |
| 2022-09-16 | SOPHIE ET VOILA, S.L. | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2019-12-09 | Rapidata GmbH | €10K | GDPR | The Federal Commissioner for Data Protection and Freedom of Information (BfDI) | Germany | No data protection officer appointed | --Articles: Art. 37 GDPR |
| 2022-03-24 | Brav s.r.l. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2022-02-10 | Costampress S.p.A. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 12 GDPR, Art. 13 GDPR |
| 2020-12-02 | Losada Advocats S.L. | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2021-09-16 | Favrskov Municipality | €10K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2020-01-07 | Asociación de Médicos Demócratas | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2022-05-04 | Nationale Maatschappj der Belgische Spoorwegen | €10K | GDPR | Belgian Data Protection Authority (APD) | Belgium | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) GDPR, Art. 12 (2) GDPR, Art. 21 (2), (3), (4) GDPR |