Search Privacy Fines

Browse and filter privacy enforcement fines worldwide.

← Back to Overview

2,028 fines found

Total: $8.1B

DateCompanyFineRegulationAuthorityCountryTypeSummary
2023-02-06Sats ASA€900KGDPRNorwegian Supervisory Authority (Datatilsynet)NorwayFailure to comply with data processing principles
--

Articles: Art. 5 (1) a), e) GDPR, Art. 6 (1) GDPR, Art. 12 (1), (3) GDPR, Art. 13 GDPR, Art. 15 GDPR, Art. 17 GDPR

2022-07-28Hannoversche Volksbank€900KGDPRData Protection Authority of SaxonyGermanyNon-compliance with lawful basis for data processing
--

Articles: Art. 6 (1) GDPR

2019-10-31UWV - Insurance provider€900KGDPRDutch Supervisory Authority for Data Protection (AP)NetherlandsFailure to implement sufficient measures to ensure information security
--

Articles: Art. 32 GDPR

2020-11-111&1 Telecom GmbH€900KGDPRThe Federal Commissioner for Data Protection and Freedom of Information (BfDI)GermanyFailure to implement sufficient measures to ensure information security
--

Articles: Art. 32 GDPR

2022-02-01TELEFONICA MOVILES ESPANA, S.A.U.€900KGDPRSpanish Data Protection Authority (AEPD)SpainNon-compliance with lawful basis for data processing
--

Articles: Art. 5 (1) f) GDPR

2019-10-31UWV - Insurance provider€900KGDPRDutch Supervisory Authority for Data Protection (AP)NetherlandsFailure to implement sufficient measures to ensure information security
The Dutch employee insurance service provider – “Uitvoeringsinstituu...

The Dutch employee insurance service provider – “Uitvoeringsinstituut Werknemersverzekeringen – UWV did not use multi-factor authentication for accessing the employer web portal. Health and safety services, as well as employers, were able to view and collect data from employees, data to which normally they should not have had access to.

Articles: Art. 32 GDPR

2021-09-24Vattenfal Europe Sales GmbH€900KGDPRData Protection Authority of HamburgGermanyInsufficient data processing agreement
--

Articles: Art. 12 GDPR, Art. 13 GDPR

2020-07-06Bureau Krediet Registration€830KGDPRDutch Supervisory Authority for Data Protection (AP)NetherlandsNon-compliance with lawful basis for data processing
--

Articles: Art. 12 GDPR, Art. 15 GDPR

2020-07-13Iliad Italia S.p.A.€800KGDPRItalian Data Protection Authority (Garante)ItalyNon-compliance with lawful basis for data processing
--

Articles: Art. 5 GDPR, Art. 25 GDPR

2022-11-10Discord Inc.€800KGDPRFrench Data Protection Authority (CNIL)FranceFailure to implement sufficient measures to ensure information security
--

Articles: Art. 5 (1) e) GDPR, Art. 13 GDPR, Art. 25 (2) GDPR, Art. 32 GDPR, Art. 35 GDPR

2021-07-22Roma Capitale€800KGDPRItalian Data Protection Authority (Garante)ItalyFailure to implement sufficient measures to ensure information security
--

Articles: Art. 5 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 25 GDPR, Art. 28 GDPR, Art. 32 GDPR

2020-11-18Carrefour Banque€800KGDPRFrench Data Protection Authority (CNIL)FranceFailure to comply with data processing principles
--

Articles: Art. 5 GDPR

2023-02-27Bank of Ireland 365€750KGDPRData Protection Authority of IrelandIrelandFailure to comply with data processing principles
--

Articles: Art. 5 (1) f) GDPR, Art. 32 (1) GDPR

2021-04-09TikTok€750KGDPRDutch Supervisory Authority for Data Protection (AP)NetherlandsInformation obligation non-compliance
--

Articles: Art. 12 GDPR

2022-12-13Alektum Oy€750KGDPRDeputy Data Protection OmbudsmanFinlandInsufficient fulfilment of data subjects rights
--

Articles: Art. 12 (3) GDPR, Art. 15 (1), (3) GDPR

2020-04-30Unknown organization€725KGDPRDutch Supervisory Authority for Data Protection (AP)NetherlandsNon-compliance with lawful basis for data processing
--

Articles: Art. 5 GDPR, Art. 9 GDPR

2022-03-28Klarna Bank AB€720KGDPR Data Protection Authority of SwedenSwedenFailure to comply with data processing principles
--

Articles: Art. 5 (1) a) GDPR, Art. 5 (2) GDPR, Art. 12 (1) GDPR, Art. 13 (2) f) GDPR, Art. 14 (2) g) GDPR

2022-02-01Orange Espagne, S.A.U.€700KGDPRSpanish Data Protection Authority (AEPD)SpainNon-compliance with lawful basis for data processing
--

Articles: Art. 5 (1) f) GDP

2019-09-10Morele.net€645KGDPRPolish National Personal Data Protection Office (UODO)PolandFailure to implement sufficient measures to ensure information security
Morele.net was sanctioned with a fine of PLN 2.8 million because it hadn’t ensur...

Morele.net was sanctioned with a fine of PLN 2.8 million because it hadn’t ensured the proper security standards of customers’ data. As a consequence, more than 2.2 million people had their personal data accessed illegally.

Articles: Art. 32 GDPR

2019-09-10Morele.net€645KGDPRPolish National Personal Data Protection Office (UODO)PolandFailure to implement sufficient measures to ensure information security
--

Articles: Art. 32 GDPR

2022-02-08Budapest Bank Zrt.€634KGDPRHungarian National Authority for Data Protection and the Freedom of InformationHungaryFailure to comply with data processing principles
--

Articles: Art. 5 (1) a), b) GDPR, Art. 6 (1), (4) GDPR, Art. 12 (1) GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 21 (1), (2) GDPR, Art. 24 (1) GDPR, Art. 25 (1), (2) GDPR

2021-12-07Psykoterapiakeskus Vastaamo€608KGDPR Deputy Data Protection OmbudsmanFinlandFailure to comply with data processing principles
--

Articles: Art. 5 (1) f) GDPR, Art. 33 (1) GDPR, Art. 34 (1) GDPR

2022-08-19ACCOR SA€600KGDPRFrench Data Protection Authority (CNIL)FranceFailure to implement sufficient measures to ensure information
--

Articles: Art. 12 GDPR, Art. 13 GDPR, Art. 15 GDPR, Art. 21 GDPR, Art. 32 GDPR, L. 34-5 CPCE

2022-11-24ÉLECTRICITÉ DE FRANCE€600KGDPRFrench Data Protection Authority (CNIL)FranceNon-compliance with subjects' rights protection safeguards
--

Articles: Art. 7 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 15 GDPR, Art. 21 GDPR, Art. L. 34-5 CPCE

2020-07-14Google Belgium SA€600KGDPRBelgian Data Protection Authority (APD)BelgiumNon-compliance with lawful basis for data processing
--

Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 17 (1) a) GDPR, Art. 12 GDPR

PreviousPage 7 of 82Next