Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2020-01-07 | Asociación de Médicos Demócratas | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2021-01-27 | City of Rome | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) c), e) Art. 6 (2) GDPR, Art. 6 (3) b) GDPR GDPR, Art. 2-ter (1), (3) Codice della privacy |
| 2019-12-02 | Ikea Ibérica | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2020-07-23 | El Periódico de Catalunya, S.L.U. | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-08-10 | Community of Baronissi | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-02-10 | Scanshare S.r.l. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to implement sufficient measures to ensure information security | --Articles: Art. 28 (2) GDPR, Art. 32 GDPR |
| 2022-04-02 | Εκδοτικού Οίκου Δίας | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-09-01 | Private individual | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 (1) GDPR |
| 2022-07-21 | Stay Over s.r.l. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 15 GDPR, Art. 114 Codice della privacy |
| 2023-04-04 | Real Federacion Espanola de Tenis de Mesa | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Insufficient fulfilment of information obligations | --Articles: Art. 9 (2) GDPR |
| 2019-03-01 | Newspaper | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2023-03-23 | Informatica Alto Adige Spa | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2021-07-27 | PERSONAL MARK, S.L. | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 17 GDPR |
| 2021-12-16 | Centro di Medicina preventive s.r.l. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 25 GDPR, Art. 32 GDPR, Art. 37 GDPR |
| 2019-12-09 | Rapidata GmbH | €10K | GDPR | The Federal Commissioner for Data Protection and Freedom of Information (BfDI) | Germany | No data protection officer appointed | The Federal Commissioner for Data Protection and Freedom of Information (BfDI) h...The Federal Commissioner for Data Protection and Freedom of Information (BfDI) ha repeatedly requested the company to appoint a data protection officer in accordance with Article 37 GDPR but even so, Rapidata GmbH refused to do so. The company was fined with €10,000. Articles: Art. 37 GDPR |
| 2022-10-26 | ACKERMANN & SCHWARTZ ATTORNEYS AT LAW SLP | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR, Art. 13 GDPR |
| 2022-06-09 | Private Individual | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2022-04-07 | Tecnomed Trento s.r.l. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), c) GDPR, Art. 13 GDPR, Art. 29 GDPR, Art. 32 GDPR, Art. 114 Codice della privacy |
| 2021-12-17 | ASL Latina | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 6 GDPR, Art. 9 GDPR |
| 2022-10-06 | Codess Sociale, Soc. Coop. sociale. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 (13), (4) GDPR, Art. 17 GDPR |
| 2019-03-21 | Unknown | €10K | GDPR | Czech Data Protection Auhtority (UOOU) | Czech Republic | Non-compliance with lawful basis for data processing | The data was processed inadequately, in inobservance with the data minimization ...The data was processed inadequately, in inobservance with the data minimization and storage limitation principles of the GDPR. This means the data that was processed went beyond the relevant needs for the purpose of the processing, while also being kept in a form that permits the identification of data subjects longer than it is necessary for the purpose of the processing. Articles: Art. 5 (1) GDPR |
| 2020-08-10 | Cavauto S.R.L. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 7 GDPR |
| 2022-03-24 | Brav s.r.l. | €10K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2019-03-01 | Newspaper | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | A newspaper was fined €10,000 after it had published both in electronic and phys...A newspaper was fined €10,000 after it had published both in electronic and physical form the names and pictures of three police investigators. The Cypriot Data Protection Commissioner considered that it would have been enough to publish only the initials of the police officers or photographs from which it would not have been possible to identify the three officials, such as using blurred faces. Articles: Art. 6 GDPR |
| 2021-06-22 | TNT EXPRESS WORLDWIDE SPAIN, S.L | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) d) GDPR |