Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2022-02-21 | RESTAURANTE FUENTEBRO, S.C. | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 13 GDPR |
| 2022-01-17 | Private individual | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) c) GDPR |
| 2022-01-31 | Property Owner Association | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 6 GDPR |
| 2022-02-10 | Studio Colli Aniene Verderocca S.r.l. | €2K | GDPR | Italian Data Protection Authority (Garante) | Italy | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 (3) GDPR, Art. 14 GDPR, Art. 15 GDPR, Art. 17 GDPR, Art. 21 GDPR |
| 2022-05-17 | Private Individual | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2022-05-20 | Private Individual | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2022-06-17 | Mayr Melnhof Packaging Romania S.R.L. | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to comply with data processing principles | --Articles: Art. 5 (1) b), c) GDPR, Art. 5 (2) GDPR, Art. 6 GDPR |
| 2022-06-08 | Wens Experience SRL | €2K | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 28 (2) GDPR |
| 2020-02-18 | Mymoviles Europa 2000 | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Insufficient fulfilment of information obligations | The Spanish Data Protection Authority determined that the company did not publis...The Spanish Data Protection Authority determined that the company did not publish a privacy statement on its website and the short legal notice that was posted was not enough to properly identify the company and explain its data processing policies. Articles: Art. 13 GDPR |
| 2020-02-04 | Cafetería Nagasaki | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with lawful basis for data processing | According to the AEPD, Cafetería Nagasaki did not comply with its obligations un...According to the AEPD, Cafetería Nagasaki did not comply with its obligations under the GDPR because it installed surveillance cameras in such a way that it also monitored the public space outside of the restaurant which also captured pedestrians on the street. Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2022-01-01 | Physician | €2K | GDPR | Cypriot Data Protection Commissioner | Cyprus | Non-cooperation with Data Protection Authority | --Articles: Art. 31 GDPR |
| 2019-12-03 | Cerrajeria Verin S.L. | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Information obligation non-compliance | The company was fined because it collected personal data without providing accur...The company was fined because it collected personal data without providing accurate information about its data processing activities on their privacy policy page on their website. Articles: Art. 13 GDPR |
| 2019-12-11 | Unknown | €2K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Non-compliance with lawful basis for data processing | A company did not delete a former employee’s private emails and as such, i...A company did not delete a former employee’s private emails and as such, it was determined that it processed private data without a legal basis. The company also was found to exceed data retention requirements. As per Hungarian laws, the name of the fined company was not disclosed by the national data protection authority. Articles: Art. 6 GDPR |
| 2019-11-06 | Cerrajero Online | €2K | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Information obligation non-compliance | The company collected personal data without accurate information regarding the c...The company collected personal data without accurate information regarding the collection of this data. Articles: Art. 13 GDPR |
| 2022-08-31 | Unknown | €1K | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-cooperation with Data Protection Authority | --Articles: Art. 31 GDPR, Art. 58 (1) a), e) GDPR |
| 2020-01-24 | Accounting Firm | €1K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Failure to implement sufficient measures to ensure information security | --Articles: Art. 24 GDPR, Art. 32 GDPR |
| 2019-12-11 | Unknown Company | €1K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Non-compliance with lawful basis for data processing | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 13 GDPR, Art. 24 GDPR, Art. 25 GDPR |
| 2019-05-09 | Police Officer | €1K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |
| 2019-05-09 | Police Officer | €1K | GDPR | Data Protection Authority of Baden-Wuerttemberg | Germany | Non-compliance with lawful basis for data processing | The police officer acted outside the boundaries of the law when he used the Cent...The police officer acted outside the boundaries of the law when he used the Central Traffic Information System to find out the personal data of the license plate of an unknown person. Moreover, he then proceeded with a SARS inquiry, gathering personal data of the injured parties (mobile and home phone numbers). The police officer then contacted the wounded party. These actions were done outside his lawful prerogatives, and it is an infringement of personal data. However, he acted not in trying to exercise official duties but to satisfy personal inquiries. Therefore, the police department is not to blame. Articles: Art. 6 GDPR |
| 2022-06-30 | Company | €1K | GDPR | National Commission for Data Protection (CNPD) | Luxembourg | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 13 GDPR |
| 2021-09-07 | Vodafone Ireland Limited | €1K | GDPR | Data Protection Authority of Ireland | Ireland | Non-compliance with lawful basis for data processing | --Articles: Art. 21 GDPR |
| 2021-09-07 | Vodafone Ireland Limited | €1K | GDPR | Data Protection Authority of Ireland | Ireland | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 21 GDPR |
| 2022-01-01 | Dentist | €1K | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information | Hungary | Unknown | --Articles: Unknown |
| 2022-12-13 | Company | €1K | GDPR | National Commission for Data Protection (CNPD) | Luxembourg | Non-compliance with lawful basis for data processing | --Articles: Art. 12 (1) GDPR, Art. 13 GDPR |
| 2022-01-01 | Covid-19 Test Center | €1K | GDPR | Data Protection Authority of Hamburg | Germany | Non-compliance with lawful basis for data processing | --Articles: Art. 6 (1) c) GDPR |