Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2022-05-18 | SCF ZHY, SL | €600 | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Information obligation non-compliance | --Articles: Art. 13 GDPR |
| 2022-07-05 | Private Individual | €600 | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 13 GDPR |
| 1970-01-01 | Alza.cz a.s. | €588 | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Non-compliance with lawful basis for data processing | The company acquired a photocopy of a person’s ID card with the personR...The company acquired a photocopy of a person’s ID card with the person’s consent but continued to use and process the personal data even after the affected person had withdrawn their consent. Articles: Art. 6 GDPR, Art. 7 GDPR |
| -- | Alza.cz a.s. | €588 | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR, Art. 7 GDPR |
| 2019-02-28 | Not available | €582 | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2019-02-28 | Not available | €582 | GDPR | Czech Data Protection Authority (UOOU) | Czech Republic | Failure to implement sufficient measures to ensure information security | The data processing was conducted in a way that didn’t ensure the appropri...The data processing was conducted in a way that didn’t ensure the appropriate security of the data itself. Meaning that anyone could access or alter it in an irreversible way (deletion, destruction). Articles: Art. 32 GDPR |
| 2020-07-23 | Forbes Hungary | €560 | GDPR | Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) | Hungary | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2020-06-09 | Chenming Ye (Bazar Real) | €540 | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Information obligation non-compliance | --Articles: Art. 13 GDPR, Art. 14 GDPR |
| 2022-09-07 | Sulkowice Cultural Center | €530 | GDPR | Polish National Personal Data Protection Office (UODO) | Poland | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 28 (1), (3), (9) GDPR |
| 2019-10-07 | BD | €511 | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Lack of cooperation with Data Protection Authority | --Articles: Art. 31 GDPR |
| 2019-10-28 | Employer | €511 | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 (3) GDPR, Art. 15 (1) GDPR |
| 2019-10-28 | Employer | €511 | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Non-compliance with subjects' rights protection safeguards | A company was fined with €511 because it refused to give access to the personal ...A company was fined with €511 because it refused to give access to the personal data of an employee who submitted an application to receive access to their personal data. Articles: Art. 12 (3) GDPR, Art. 15 (1) GDPR |
| 2019-10-07 | BD | €511 | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Lack of cooperation with Data Protection Authority | BD was fined with €511 because it failed to provide access to information which ...BD was fined with €511 because it failed to provide access to information which the national DPA requested in order to resolve a complaint. Articles: Art. 31 GDPR |
| 2019-04-08 | Medical service providers | €510 | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) a) GDPR, Art. 9 (1) GDPR, Art. 9 (2) GDPR, Art. 6 (1) GDPR |
| 2019-04-08 | Medical service providers | €510 | GDPR | Data Protection Commission of Bulgaria (KZLD) | Bulgaria | Non-compliance with lawful basis for data processing | The medical centers unlawfully processed personal data of the subject G.B. Softw...The medical centers unlawfully processed personal data of the subject G.B. Software was used to generate the registration form for changing the GP, and it went ahead to the Regional Health Insurance Fund. After it arrived at another medical center, it was concluded that all parts had taken part in the unlawful processing of data. Articles: Art. 5 (1) a) GDPR, Art. 9 (1) GDPR, Art. 9 (2) GDPR, Art. 6 (1) GDPR |
| 1970-01-01 | Unknown | €500 | GDPR | Data Protection Authority of Hamburg | Germany | Non-compliance with lawful basis for data processing | Not available.Not available. Articles: Art. 6 GDPR |
| 2018-05-12 | Bank | €500 | GDPR | Bulgarian Commission for Personal Data Protection (KZLD) | Bulgaria | Non-compliance with lawful basis for data processing | The bank was fined 500 EUR for calling a client about the unresolved bills of hi...The bank was fined 500 EUR for calling a client about the unresolved bills of his neighbor. The client then invoked his right to be forgotten, which the bank ignored at first. Another motion was started, and the client complained to the KZLD. Apparently, the bank hadn’t requested consent from the subject when processing his data. Articles: Art. 5 (1) b) GDPR, Art. 6 GDPR |
| 2020-07-21 | Apartment building owners association | €500 | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to comply with data processing principles | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 25 GDPR, Art. 32 GDPR |
| 2022-05-12 | Private Individual | €500 | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR |
| 2022-04-07 | Property owner’s association | €500 | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Non-cooperation with Data Protection Authority | --Articles: Art. 58 (1), a), e) GDPR |
| 2019-11-29 | Homeowners Association | €500 | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2021-07-27 | Website operator | €500 | GDPR | Spanish Data Protection Authority (AEPD) | Spain | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 13 GDPR |
| 2018-05-12 | Bank | €500 | GDPR | Bulgarian Commission for Personal Data Protection (KZLD) | Bulgaria | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) b) GDPR, Art. 6 GDPR |
| 2022-01-01 | Homeowners Association | €500 | GDPR | Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Romania | Failure to comply with data processing principles | --Articles: Art. 5 (1) e) GDPR |
| -- | Unknown | €500 | GDPR | Data Protection Authority of Hamburg | Germany | Non-compliance with lawful basis for data processing | --Articles: Art. 6 GDPR |