Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2020-07-10 | East Power Sp. z o.o. | €3K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to implement sufficient measures to ensure information security | Articles: Art. 31 GDPR, Art. 58 GDPR |
| 2022-01-01 | Company | €3K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Unknown | Articles: Unknown |
| 2020-12-11 | Cosmetic Medical Limited | €3K | GDPR | Information Commissioner of Isle of Man | Isle of Man | Non-cooperation with Data Protection Authority | Articles: Art. 31 GDPR |
| 2023-02-03 | Epic Ltd. | €3K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-compliance with lawful basis for data processing | Articles: Art. 6 (1) GDPR, Art. 24 (1), (2) GDPR, Art. 32 (1) GDPR |
| 2018-12-18 | Not disclosed | €3K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Failure to implement sufficient measures to ensure information security | The data subject was not given access to CCTV recordings and was not informed that he could complain to the supervisory authority about the data controller’s refusal to retain the recordings. Articles: Art. 12 (4) GDPR, Art. 15 GDPR, Art. 18 (1) c) GDPR, Art. 13 GDPR |
| 2019-02-28 | Kecskemét Mayor's Office | €3K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Non-compliance with lawful basis for data processing | Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR |
| 2018-12-18 | Not disclosed | €3K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Failure to implement sufficient measures to ensure information security | Articles: Art. 12 (4) GDPR, Art. 15 GDPR, Art. 18 (1) c) GDPR, Art. 13 GDPR |
| 2019-03-04 | Not disclosed | €3K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Non-compliance with subjects' rights protection safeguards | The financial institution refused the data erasure request of a customer, arguing that it was in the institution’s best interests to retain the phone number, given that the customer had debts. However, the NAIH argued that the creditor could communicate with the debtor by post, and the phone number was unnecessary. The financial institution had broken the data minimization and purpose limitation principles. A fine was issued equal to 0.025% of the institution’s annual net revenue. Articles: Art. 5 (1) b) GDPR, Art. 5 (1) c) GDPR, Art. 13 (3) GDPR, Art. 17 (1) GDPR, Art. 6 (4) GDPR |
| 2020-03-06 | Retailer | €3K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Information obligation non-compliance | Articles: Art. 13 GDPR, Art. 14 GDPR |
| 2019-03-04 | Not disclosed | €3K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Non-compliance with subjects' rights protection safeguards | Articles: Art. 5 (1) b) GDPR, Art. 5 (1) c) GDPR, Art. 13 (3) GDPR, Art. 17 (1) GDPR, Art. 6 (4) GDPR |
| 2019-02-28 | Kecskemét Mayor's Office | €3K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Non-compliance with lawful basis for data processing | The fine was issued after the Mayor’s Office unlawfully disclosed personal information related to a whistleblower. The individual complained to the NAIH about his employer. Afterward, the company requested information about the complaint, and the Mayor’s Office “accidentally” released the name of the complainant. The individual was fired as a result. Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR |
| 2022-12-06 | Retailer | €3K | GDPR | Croatian Data Protection Authority (AZOP) | Croatia | Insufficient fulfilment of information obligations | Articles: Art. 27 (2) Croatian Act on the Implementation of the GDPR |
| 1970-01-01 | UniCredit Bank | €3K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Non-compliance with lawful basis for data processing | UniCredit Bank opened a bank account for a person who has not requested any account to be opened. The bank allegedly had his personal data at their disposal because the affected person was responsible for closing a bank account operated by his employer. The bank was requested to prove that it had consent from the data subject to process his personal data but was unable to provide this proof. Articles: Art. 6 GDPR |
| -- | UniCredit Bank | €3K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Non-compliance with lawful basis for data processing | Articles: Art. 6 GDPR |
| 2019-05-13 | Not known | €3K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Not known | Not available. Articles: Art. 5 (1) a) GDPR, Art. 5 (1) b) GDPR, Art. 32 (1) GDPR |
| 2019-05-13 | Not known | €3K | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Not known | Articles: Art. 5 (1) a) GDPR, Art. 5 (1) b) GDPR, Art. 32 (1) GDPR |
| 2023-03-14 | Tinmar Energy SA | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | Articles: Art. 32 (1) b) GDPR, Art. 32 (2) GDPR |
| 2020-02-11 | Vodafone Romania | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to comply with data processing principles | Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 2022-06-30 | Company | €3K | GDPR | National Commission for Data Protection (CNPD) | Luxembourg | Failure to comply with data processing principles | Articles: Art. 5 (1) e) GDPR, Art. 13 GDPR |
| 2020-12-30 | ING Bank | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Non-compliance with lawful basis for data processing | Articles: Art. 5 (1) a)-d) GDPR, Art. 6 (1) GDPR |
| 2020-03-25 | Enel Energie | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | Enel Energie sent a client an email that contained the personal information of another client, failing to employ the necessary organizational and technical measures. Articles: Art. 32 GDPR |
| 2020-11-10 | Miguel Ibáñez Bezanilla, S.L. | €3K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | Articles: Art. 13 GDPR, Art. 32 GDPR |
| 2020-09-30 | Venu Sanz Chef, S.L. | €3K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-10-01 | Megareduceri TV S.R.L. | €3K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to comply with Data Processing Authority's orders | Articles: Art. 31 GDPR, Art. 58 GDPR |
| 2022-06-03 | Lodeju, S.L. | €3K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | Articles: Art. 5 (1) c) GDPR, Art. 13 GDPR |