government
healthcare
service provider
fine
social media
education
finance
dark web
retail
law enforcement
web
telecoms
travel
manufacturing
operating system
legal
insurance
phama
charity
app
tech
gaming
transport
publishing
utilities
story
hacked
malware
ransomware
unauthorised access
vulnerability
accidental disclosure
phishing
unsecured database
poor security
insider threat
unsecured server
hacked email
lost device
identity theft
website hacked
stolen documents
ddos
Trojans
financial
inside job
spear phishing
RDP
spyware
skimming
privacy
cyber attack
breach notification
security flaw
legislation
poor operations
user credentials
physical security
customer data
third party
Cryptocurrency
enforcement
email hacked
insecure storage
court action
encryption
VPN
fraud
passwords
zero day
3rd parties
state hacking
remote working
stolen data
cloud
Forbes Hungary fined 560 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
El Real Sporting de Gijón S.A.D. fined 5,000 Euros for breaching Art. 6 GDPR, Art. 7 GDPR - Insufficient legal basis for data processing
Xfera Moviles S.A. fined 5,000 Euros for breaching Art. 58 GDPR - Insufficient cooperation with supervisory authority
Telefónica Móviles España, SAU fined 75,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Telefónica Móviles España, SAU fined 70,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Telefónica Móviles España, SAU fined 55,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
El Periódico de Catalunya, S.L.U. fined 10,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Metropolitan Community Health Services (Metro) pays fine
Xfera Moviles S.A. fined 70,000 Euros for breaching Art. 5 GDPR - Non-compliance with general data processing principles
Orange Espagne S.A.U. fined 80,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Comercial Vigobrandy, SL fined 1,500 Euros for breaching Art. 12 GDPR, Art. 13 GDPR, Art. 14 GDPR - Insufficient fulfilment of information obligations
Iberia Lae SA Operadora Unipersonal fined 40,000 Euros for breaching Art. 58 GDPR - Insufficient cooperation with supervisory authority
Banco Bilbao Vizcaya Argentaria, SA fined 24,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Google Ireland Ltd. fined 28 Euros for breaching Art. 12 GDPR, Art. 15 GDPR - Insufficient fulfilment of data subjects rights
Office for geodesy and cartography fined 22,300 Euros for breaching Art. 31 GDPR, Art. 58 GDPR - Insufficient cooperation with supervisory authority
Operator of CCTV of a residential building fined 5,000 Euros for breaching Art. 6 GDPR, Art. 7 GDPR - Insufficient legal basis for data processing
Google Belgium SA fined 600,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR, Art. 17 (1) a) GDPR, Art. 12 GDPR - Insufficient fulfilment of data subjects rights
Iliad Italia S.p.A. fined 800,000 Euros for breaching Art. 5 GDPR, Art. 25 GDPR - Non-compliance with general data processing principles
Wind Tre S.p.A. fined 16,700,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR, Art. 12 GDPR, Art. 24 GDPR, Art. 25 GDPR - Insufficient legal basis for data processing
Merlini s.r.l. fined 200,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 28 GDPR, Art. 29 GDPR - Insufficient legal basis for data processing
Xfera Moviles S.A. fined 55,000 Euros for breaching Art. 5 GDPR, Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
School Fitness Holiday & Franchising S.L. fined 5,000 Euros for breaching Art. 5 GDPR - Non-compliance with general data processing principles
Global Business Travel Spain SLU fined 5,000 Euros for breaching Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Vodafone España, SAU fined 12,000 Euros for breaching Art. 5 GDPR - Non-compliance with general data processing principles
Centro Internacional De Crecimiento Laboral Y Profesional S.L. fined 1,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Auto Desguaces Iglesias S.L. fined 1,500 Euros for breaching Art. 5 GDPR - Non-compliance with general data processing principles
Municipality of Rælingen fined 46,660 Euros for breaching Art. 32 GDPR, Art. 35 GDPR - Insufficient technical and organisational measures to ensure information security
East Power Sp. z o.o. fined 3,400 Euros for breaching Art. 31 GDPR, Art. 58 GDPR - Insufficient cooperation with supervisory authority
Fine for BKR due to costs of accessing personal data
Bureau Krediet Registration ('BKR') fined 830,000 Euros for breaching Art. 12 GDPR, Art. 15 GDPR - Insufficient fulfilment of data subjects rights
Mapei S.p.A. fined 15,000 Euros for breaching Art. 5 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 15 GDPR - Insufficient fulfilment of data subjects rights
Xfera Moviles S.A. fined 5,000 Euros for breaching Art. 31 GDPR, Art. 58 GDPR - Insufficient cooperation with supervisory authority
Saunier-Tec Mantenimientos de Calor y Frio, SL. fined 3,600 Euros for breaching Art. 33 GDPR - Insufficient fulfilment of data breach notification obligations
Odin Flissenter AS fined 0 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
De Vere Spain S.L. fined 4,000 Euros for breaching Art. 21 GDPR - Insufficient fulfilment of data subjects rights
Iberdrola Clientes fined 24,000 Euros for breaching Art. 5 GDPR - Non-compliance with general data processing principles
Italian Garante Fines Bank 600,000 Euros for Pre-GDPR UniCredit Data Breach
Grays Harbor County Hospital reaches settlement
Tusla Child and Family Agency fined 40,000 Euros for breaching Art. 33 GDPR - Insufficient fulfilment of data breach notification obligations
Allgemeine Ortskrankenkasse ('AOK') (health insurance company) fined 1,240,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR, Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
