Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2021-01-01 | Police Officer | €2K | GDPR | Data Protection Authority of Berlin | Germany | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-04-18 | Website operator | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) GDPR, Art. 13 GDPR, Art. 22 (2) LSSI |
| 2021-08-23 | Agency | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2022-04-18 | FLORAQUEEN FLOWERING THE WORLD S.L. | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-cooperation with Data Protection Authority | --Articles: Art. 58 (1) GDPR |
| 2020-03-03 | Solo Embrague | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Insufficient fulfilment of information obligations | --Articles: Art. 13 GDPR |
| 2020-03-03 | Solo Embrague | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Insufficient fulfilment of information obligations | The website of the company did not contain a privacy policy or a cookie banner.The website of the company did not contain a privacy policy or a cookie banner. Articles: Art. 13 GDPR |
| 2022-11-25 | ALPA 57 PRODUCCIONES, S.L. | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-cooperation with Data Protection Authority | --Articles: Art. 58 (1) GDPR |
| 2019-11-01 | L. Sp z o.o. | €2K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to comply with data processing principles | --Articles: Art. 5 (1) a), f) GDPR |
| 2019-08-08 | Government Office Managing the Real Estate Register | €2K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 14 GDPR |
| 2022-08-30 | Bazar Pekin | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 13 GDPR, Art. 30 GDPR |
| 2022-11-02 | Mayor | €2K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 25 (1) GDPR, Art. 32 (1), (2) GDPR |
| 2020-07-23 | Employer | €2K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Information obligation non-compliance | --Articles: Art. 12 GDPR, Art. 15 GDPR, Art. 17 GDPR |
| 2022-05-31 | Coron Island SLU | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2022-02-14 | RECLAMADOR, S.L. | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Information obligation non-compliance | --Articles: Art. 17 GDPR, Art. 21 LSSI |
| 2022-01-01 | Physician | €2K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information | Hungary | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 12 (2) GDPR, Art 13 (1) GDPR |
| 2022-07-12 | JOYPAZAR, S.A. | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2023-03-09 | Deca S.R.L. | €2K | GDPR | Italian Data Protection Authority (Garante) | Italy | Insufficient fulfilment of data subjects rights | --Articles: Art. 12 GDPR, Art. 15 GDPR |
| 2020-11-16 | Homeowners Association | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2019-12-10 | Megastar SL | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | The company was fined because it operated a video surveillance system that had a...The company was fined because it operated a video surveillance system that had an observation angle that extended too far into the public traffic area. The video surveillance system was also not accompanied by any data protection notices. Articles: Art. 5 (1) c) GDPR, Art. 13 GDPR |
| 2019-12-10 | Megastar SL | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) c) GDPR, Art. 13 GDPR |
| 2019-02-20 | Unknown company | €2K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Failure to comply with data processing principles | --Articles: Art. 5 (1) a) GDPR, Art. 5 (1) c) GDPR |
| 2019-02-08 | A bank | €2K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Failure to comply with data processing principles | --Articles: Art. 5 (1) d) GDPR |
| 2019-02-08 | A bank | €2K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Failure to comply with data processing principles | The bank erroneously sent the subject’s credit card data to another person via S...The bank erroneously sent the subject’s credit card data to another person via SMS. Despite the data subject’s request to erase the data, the bank continued to send SMS messages to that incorrect telephone number. The bank was fined about 0.00016% of the annual net revenue. Articles: Art. 5 (1) d) GDPR |
| 2019-02-20 | Unknown company | €2K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Failure to comply with data processing principles | A data subject requested the erasure of the data processed by a debt collector w...A data subject requested the erasure of the data processed by a debt collector who requested further personal information to identify the subject. After being provided with said information (place of birth, mother’s maiden name, etc), the debt collector stated that he could not comply with the request. The debt collector invoked the Accountancy Act and other internal policies for why he was obliged to retain backup data copies. The NAIH issued a fine because the data controller had not informed the subject about these policies. Articles: Art. 5 (1) a) GDPR, Art. 5 (1) c) GDPR |
| 2021-11-12 | Unknown company | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 13 GDPR |