Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
2,028 fines found
Total: $8.1B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2021-01-01 | Political organization | €0 | GDPR | Data Protection Authority of Saarland | Germany | Unknown | -- Articles: Unknown |
| 2021-01-01 | Physician | €0 | GDPR | Data Protection Authority of Brandenburg | Germany | Non-compliance with lawful basis for data processing | -- Articles: Art. 6 GDPR, Art. 9 GDPR |
| 2021-01-01 | Private individual | €0 | GDPR | Austrian Data Protection Authority (DSB) | Austria | Failure to comply with data processing principles | -- Articles: Art. 5 (1) a), c) GDPR |
| 2021-01-01 | Clinic | €0 | GDPR | Data Protection Authority of Berlin | Germany | Unknown | -- Articles: Unknown |
| 2021-01-01 | Police department | €0 | GDPR | Data Protection Authority of Saxony | Germany | Unknown | -- Articles: Unknown |
| 2021-01-01 | Unknown | €0 | GDPR | Data Protection Authority of Berlin | Germany | Unknown | -- Articles: Unknown |
| 2019-07-08 | British Airways | €0 | GDPR | Information Commissioner (ICO) | United Kingdom | Failure to implement sufficient measures to ensure information security | The ICO notified British Airways of its intention to issue a fine worth 183.39 million pounds because of an alleged infringement of Art. 31 of the GDPR. The reason for this is related to an incident which the company reported in September 2018, when the British Airways website had diverted the users’ traffic to a dangerous website. The hackers in charge of this website had stolen the personal data of more than 500.000 customers. The company had poor security mechanisms to prevent such cyber-attacks from happening. **Notice:** British Airways is facing a fine of €204,600,000, but this is not yet final. As such, it’s not included in our statistics dashboard. Articles: Art. 32 GDPR |
| 2021-01-01 | Medical clinic | €0 | GDPR | Data Protection Authority of Berlin | Germany | Failure to comply with data processing principles | -- Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2021-01-01 | Real estate agent | €0 | GDPR | Data Protection Authority of Brandenburg | Germany | Non-compliance with lawful basis for data processing | -- Articles: Art. 6 GDPR, Art. 12 GDPR |
| 2021-01-01 | Unknown | €0 | GDPR | Data Protection Authority of Brandenburg | Germany | Unknown | -- Articles: Unknown |
| 2022-01-01 | Aid organization | €0 | GDPR | Data Protection Authority of Brandenburg | Germany | Failure to implement sufficient measures to ensure information security | -- Articles: Art. 28 (3) GDPR, Art. 32 GDPR |
| 2022-01-01 | Restaurant operator | €0 | GDPR | Data Protection Authority of Brandenburg | Germany | Failure to comply with data processing principles | -- Articles: Art. 5 GDPR, Art. 6 GDPR |
| 2019-07-09 | Marriott International, Inc | €0 | GDPR | Information Commissioner (ICO) | United Kingdom | Failure to implement sufficient measures to ensure information security | While the trial hasn’t ended yet, the ICO intends to fine the company. This is in accordance with Art. 32 of the GDPR, which the company allegedly infringed in a cyber-incident in November 2018. The incident involved the public exposure of personal records belonging to over 339 million people, of whom 31 million were residents of the European Economic Area. This vulnerability is believed to have been present in the Starwood hotels group, which Marriott International acquired. Due to the inappropriate and insufficient attention paid to the security of the systems, the ICO believes a fine is in order. **Notice:** Marriott is facing a fine of €110,390,200, but this is not yet final. As such, it’s not included in our statistics dashboard. Articles: Art. 32 GDPR |
| -- | Hamburger Volksbank eG | €0 | GDPR | Data Protection Authority of Hamburg | Germany | Non-compliance with lawful basis for data processing | -- Articles: Art. 21 GDPR |
| 2021-01-01 | Private individual | €0 | GDPR | Data Protection Authority of Saxony | Germany | Non-compliance with lawful basis for data processing | -- Articles: Art. 6 GDPR |
| 2021-02-22 | Security company | €0 | GDPR | Croatian Data Protection Authority (AZOP) | Croatia | Failure to implement sufficient measures to ensure information security | -- Articles: Art. 32 (1) b), d) GDPR, Art. 32 (2), (4) GDPR |
| 2022-01-01 | Operator of a swimming pool | €0 | GDPR | Data Protection Authority of Brandenburg | Germany | Non-compliance with lawful basis for data processing | -- Articles: Art. 6 (1) c) GDPR |
| 2021-01-01 | Company | €0 | GDPR | Data Protection Authority of Niedersachsen | Germany | Failure to implement sufficient measures to ensure information security | -- Articles: Art. 25 GDPR, Art. 32 GDPR |
| 2022-01-01 | Bank | €0 | GDPR | Data Protection Authority of Brandenburg | Germany | Failure to implement sufficient measures to ensure information security | -- Articles: Art. 28 (3) GDPR, Art. 32 GDPR |
| 2019-10-01 | Deutsche Wohnen SE | €0 | GDPR | Data Protection Authority of Berlin | Germany | Failure to comply with data processing principles | Further fines of between €6,000 and €17,000 were issued to the company due to the faulty storage of personal data. See the separate entry about Deutsche Wohnen SE. Articles: Art. 5 GDPR, Art. 25 GDPR |
| 2021-10-06 | Meta Platforms | €0 | GDPR | Data Protection Authority of Ireland | Ireland | Non-compliance with lawful basis for data processing | -- Articles: Art. 5 (1) a) GDPR, Art. 12 (1) GDPR, Art. 13 (1) c) GDPR |
| 1970-01-01 | Unknown | €0 | GDPR | Slovak Data Protection Office | Slovakia | Failure to implement sufficient measures to ensure information security | Personal data in the form of documents were thrown into the garbage dump, which is an improper method of disposing of such documents. Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR |
| 1970-01-01 | Unknown | €0 | GDPR | Slovak Data Protection Office | Slovakia | Non-compliance with subjects' rights protection safeguards | The data controller did not comply with the data subject’s request to access personal data related to audio recordings. Articles: Art. 15 GDPR |
| 2019-07-10 | Driver and Vehicle Licensing Agency (DVLA) | €0 | GDPR | Information Commissioner | United Kingdom | Non-compliance (Data Breach) | The Company shared personal driver details with third parties, including parking firms. Articles: Unknown |
| 2021-01-01 | Unknown | €0 | GDPR | Data Protection Authority of Saxony | Germany | Failure to implement sufficient measures to ensure information security | -- Articles: Art. 32 GDPR |