Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2019-03-01 | Newspaper | €10K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | A newspaper was fined €10,000 after it had published both in electronic and phys...A newspaper was fined €10,000 after it had published both in electronic and physical form the names and pictures of three police investigators. The Cypriot Data Protection Commissioner considered that it would have been enough to publish only the initials of the police officers or photographs from which it would not have been possible to identify the three officials, such as using blurred faces. Articles: Art. 6 GDPR |
| 2019-09-17 | Merchant | €10K | GDPR | Belgian Data Protection Authority (APD) | Belgium | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2019-03-21 | Not available | €10K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to comply with data processing principles | The data processing had breached the storage limitation and data minimization pr...The data processing had breached the storage limitation and data minimization principles of the GDPR. Articles: Art. 5 (1) c) GDPR, Art. 5 (1) e) GDPR |
| 2019-03-21 | Not available | €10K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 5 (1) e) GDPR |
| 2022-03-15 | Unknown company | €10K | GDPR | Norwegian Supervisory Authority (Datatilsynet) | Norway | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR, Art. 13 GDPR, Art. 21 GDPR |
| 2021-01-06 | Lindstrand Trading AS | €10K | GDPR | Norwegian Supervisory Authority (Datatilsynet) | Norway | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2021-01-19 | Aquateknikk AS | €10K | GDPR | Norwegian Supervisory Authority (Datatilsynet) | Norway | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-08-01 | LAST LAP, S.L. | €10K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR, Art. 9 GDPR |
| 2022-11-30 | PIONIER (law firm) | €10K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to comply with data processing principles | --Articles: Art. 5 (1), a) GDPR, Art. 6 (1) GDPR, Art. 9 GDPR |
| 2021-08-12 | Waxing Palace AS | €10K | GDPR | Norwegian Supervisory Authority (Datatilsynet) | Norway | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 13 GDPR |
| 2019-04-17 | Not disclosed | €9K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR |
| 2019-04-17 | Not disclosed | €9K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Non-compliance with lawful basis for data processing | The data controller had no legal basis to process data in conformity with art 6....The data controller had no legal basis to process data in conformity with art 6.1.b, related to the claims. Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR |
| 2019-10-18 | Polish Mayor | €9K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-compliance with lawful basis for data processing | No data processing agreement has been concluded with the company whose servers c...No data processing agreement has been concluded with the company whose servers contained the resources of the Public Information Bulletin (BIP) of the Municipal Office in Aleksandrów Kujawski. For this reason, a fine of 40.000 PLN (9400 EUR) was imposed on the mayor of the city. Articles: Art. 28 GDPR |
| 2019-10-18 | Polish Mayor | €9K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-compliance with lawful basis for data processing | --Articles: Art. 28 GDPR |
| 2019-09-26 | Inteligo Media SA | €9K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR, Art. 6 (1) a) GDPR |
| 2022-04-18 | JIMBO NETWORKS, S.L. | €9K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR, Art. 13 GDPR, Art. 22 (2) LSSI |
| 2022-10-25 | EL RACO DEL PIS INVERSIONES S.L. | €9K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2019-05-08 | Private individual | €9K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) c) GDPR |
| 2020-01-13 | Government agency | €9K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to implement sufficient measures to ensure information security | The government agency was fined due to granting the police access to data and fa...The government agency was fined due to granting the police access to data and failing to implement adequate measures to secure the data, even after being warned by the national DPA. Articles: Art. 32 GDPR |
| 2019-09-26 | Inteligo Media SA | €9K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Non-compliance with lawful basis for data processing | An operator utilized an unfilled checkbox through which users could request that...An operator utilized an unfilled checkbox through which users could request that they do not receive any emails from the company. Since they couldn’t do that, they continued receiving information via email. Articles: Art. 5 (1) a) GDPR, Art. 6 (1) a) GDPR |
| 2020-03-10 | Breiðholt School | €9K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2023-01-01 | Magdeburg University Hospital | €9K | GDPR | Data Protection Authority of Sachsen-Anhalt | Germany | Failure to notify DPA of a data breach | --Articles: Art. 33 GDPR |
| 2023-05-02 | NAGA Markets Europe Ltd | €9K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 32 (1) b), d) GDPR |
| 2021-09-13 | Website operator | €9K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR, Art. 13 GDPR |
| 2020-01-13 | Government agency | €9K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |