Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2022-03-08 | Hörpu tónlistar- og ráðstefnuhúss ohf. | €7K | GDPR | Icelandic Data Protection Authority ('Persónuvernd') | Iceland | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 6 GDPR |
| 2020-03-10 | Hørsholm Municipality | €7K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2019-08-26 | Online services provider | €7K | GDPR | Data State Inspectorate (DSI) | Latvia | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 17 GDPR |
| 2019-08-26 | Online services provider | €7K | GDPR | Data State Inspectorate (DSI) | Latvia | Non-compliance with subjects' rights protection safeguards | The merchant had ignored a client’s demands to stop processing personal data, in...The merchant had ignored a client’s demands to stop processing personal data, in particular, the phone number. The merchant had continued sending the subject advertising messages to the subject’s phone number. Articles: Art. 17 GDPR |
| 2022-10-20 | I.S.P.R.O. | €7K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 9 GDPR |
| 2021-12-02 | Società Med Store Saronno s.r.l. | €7K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2022-08-30 | TIMSHEL Sp. z o.o. | €7K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Insufficient cooperation with supervisory authority | --Articles: Art. 58 (1) e) GDPR |
| 2021-12-01 | Unknown | €7K | GDPR | National Commission for Data Protection (CNPD) | Luxembourg | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) c) GDPR, Art. 13 GDPR |
| 2020-06-30 | Lejre Municipality | €7K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 33 GDPR, Art. 34 GDPR |
| 2022-08-11 | Lolland Municipality | €7K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information | --Articles: Art. 32 GPDR |
| 2020-05-15 | JobTeam A/S DKK | €7K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Information obligation non-compliance | --Articles: Art. 15 GDPR |
| 2022-09-12 | Hørsholm municipality | €7K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information | --Articles: Art. 32 GDPR |
| 2022-03-25 | Danish National Genome Center | €7K | GDPR | Danish Data Protection Authority (Datatilsynet) | Denmark | Failure to implement sufficient measures to ensure information security | --Articles: Art. 36 GDPR |
| 2020-02-03 | Banco Bilbao | €7K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 21 GDPR |
| 2020-02-03 | Banco Bilbao | €7K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | The company has sent several advertising messages to a person, even after the af...The company has sent several advertising messages to a person, even after the affected person made it clear that they do not consent to their personal data to be processed. Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 21 GDPR |
| 2021-12-16 | Travel Agency | €7K | GDPR | Deputy Data Protection Ombudsman | Finland | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) f) GDPR, Art. 17 GDPR, Art. 25 GDPR, Art. 32 GDPR |
| 2022-01-01 | Pharmacy | €7K | GDPR | The DPA of Bremen | Germany | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR |
| 2023-01-19 | Szczecin-Centrum District Court | €6K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to comply with data processing principles | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 24 (1) GDPR, Art. 25 (1), (2) GDPR, Art. 32 (1), (2) GDPR |
| 2020-12-15 | Unknown | €6K | GDPR | Data State Inspectorate (DSI) | Latvia | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2021-03-25 | Convitto Nazionale Statale 'Giordano Bruno' di Maddaloni (boarding school) | €6K | GDPR | Italian Data Protection Authority (Garante) | Italy | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 2-ter (1), (3) Codice della privacy |
| 2020-12-02 | Servicio de Alojamientos Responsables, S.L. | €6K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 (1) GDPR |
| 2020-03-19 | Oliveros Ustrell, S.L. | €6K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-01-01 | Hermes Airport Ltd. | €6K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Failure to implement sufficient measures to ensure information security | --Articles: Art. 24 GDPR, Art. 32 GDPR |
| 2020-01-14 | SC Enel Energie S.A. | €6K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Non-compliance with lawful basis for data processing | The fine was issued after a complaint alleging that Enel Energie had processed a...The fine was issued after a complaint alleging that Enel Energie had processed an individual’s personal data and that the natural gas and electricity company was unable to prove it obtained the individual’s consent to send email notifications. The national data protection authority also explained that the company had not taken the required measures to stop the transmission of the email notifications even after the affected person had made a request to this end. The company was fined two times €3,000. Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 21 GDPR |
| 2022-01-09 | Praktiškas UAB | €6K | GDPR | Lithuanian Data Protection Authority (VDAI) | Lithuania | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 9 (1) GDPR, Art. 13 (1), (2) GDPR, Art. 30 (1), (3) GDPR, Art. 35 (1), (3) GDPR |