government healthcare social media service provider fine education finance dark web retail law enforcement web telecoms travel manufacturing phama operating system insurance legal charity app tech gaming publishing transport utilities
story hacked malware unauthorised access ransomware vulnerability accidental disclosure phishing unsecured database poor security insider threat unsecured server hacked email lost device identity theft website hacked ddos stolen documents Trojans financial inside job spear phishing RDP skimming spyware
cyber attack privacy breach notification security flaw legislation poor operations user credentials physical security customer data third party Cryptocurrency enforcement email hacked insecure storage court action encryption VPN fraud passwords zero day 3rd parties state hacking remote working stolen data cloud

The Washpoint S.L. fined 1,000 Euros for breaching Art. 13 GDPR - Insufficient fulfilment of information obligations
The Netherlands: 440,000 EUR fine for hospital re. unauthorised access to medical records – Privacy Matters
Ripobruna 207, S.L. fined 1,600 Euros for breaching Art. 5 (1) c) GDPR - Non-compliance with general data processing principles
Vodafone España, SAU fined 120,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Ministero dello Sviluppo Economico fined 75,000 Euros for breaching Art. 5 (1) a), b), c) GDPR, Art. 6 (1) c), e) GDPR, Art. 6 (2) GDPR, Art. 6 (3) b) GDPR, Art. 37 (1), (7) GDPR - Non-compliance with general data processing principles
Krajowa Szkoła Sądownictwa i Prokuratury fined 22,200 Euros for breaching Art. 5 (1) f) GDPR, Art. 25 (1) GDPR, Art. 28 (3) GDPR, Art. 32 (1), (2) GDPR - Insufficient technical and organisational measures to ensure information security
Vamavi Phone S.L. fined 24,000 Euros for breaching Art. 48 (1) b) LGT, Art. 21 GDPR, Art. 23 LOPDGDD, Art. 28 GDPR - Insufficient fulfilment of data subjects rights
Predase Servicios Integrales S.L. fined 5,000 Euros for breaching Art. 13 GDPR - Insufficient fulfilment of information obligations
Private Person fined 5,000 Euros for breaching Art. 5 (1) c) GDPR - Non-compliance with general data processing principles
Patio Ancestral S.L. fined 3,000 Euros for breaching Art. 6 GDPR - Insufficient legal basis for data processing
Private Person fined 2000 Euros for breaching Art. 5 (1) c) GDPR - Non-compliance with general data processing principles
Iberdrola Clientes fined 100,000 Euros for breaching Art. 5 (1) d) GDPR, Art. 17 GDPR - Insufficient fulfilment of data subjects rights
Cyberbook AS fined 19,300 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
IDFINANCE Spain, S.L. fined 3,000 Euros for breaching Art. 5 (1) f) GDPR - Insufficient technical and organisational measures to ensure information security
Xfera Moviles S.A. fined 24,000 Euros for breaching Art. 58 (2) GDPR - Insufficient cooperation with supervisory authority
Azienda Ospedaliero Universitaria di Parma fined 50,000 Euros for breaching Art. 5 (1) f) GDRP, Art. 9 GDPR - Non-compliance with general data processing principles
Azienda Ospedaliero Universitaria Senese fined 50,000 Euros for breaching Art. 5 (1) f) GDRP, Art. 9 GDPR - Non-compliance with general data processing principles
Azienda USL della Romagna fined 50,000 Euros for breaching Art. 5 (1) a), d), f) GDPR, Art. 9 GDPR, Art. 32 (1) b) GDPR - Non-compliance with general data processing principles
Family Service / N.D.P.K. nv. fined 50,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 13 GDPR, Art. 24 GDPR, Art. 25 GDPR, Art. 28 GDPR - Insufficient legal basis for data processing
Unknown fined 75,000 Euros for breaching Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Unknown fined 150,000 Euros for breaching Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Unknown fined 25,000 Euros for breaching Art. 5 (1) f), (2) GDPR, Art. 24 GDPR, Art. 32 GDPR, Art. 33 (1), (5) GDPR, Art. 34 (1) GDPR - Insufficient technical and organisational measures to ensure information security
Telefónica Móviles España, SAU fined 75,000 Euros for breaching Art. 6 (1) GDPR - Insufficient legal basis for data processing
Alterna Operador Integral S.L. fined 50,000 Euros for breaching Art. 6 (1) b) GDPR - Insufficient legal basis for data processing
Individual fined 1,200 Euros for breaching Art. 5 (1) c) GDPR - Non-compliance with general data processing principles
Aquateknikk AS fined 9,700 Euros for breaching Art. 5 GPDR, Art. 6 GDPR - Insufficient legal basis for data processing
Anwara Sp. z.o.o. fined 4,600 Euros for breaching Art. 31 GDPR, Art. 58 (1) a) GDPR - Insufficient cooperation with supervisory authority
Regione Lazio fined 75,000 Euros for breaching Art. 5 (2) GDPR, Art. 28 GDPR - Insufficient data processing agreement
Azienda Usl di Bologna fined 18,000 Euros for breaching Art. 5 (1) f) GDRP, Art. 9 GDPR - Non-compliance with general data processing principles
Poliambulatorio Talenti S.r.l. fined 2000 Euros for breaching Art. 12 (3) GDPR, Art. 15 GDPR - Insufficient fulfilment of data subjects rights
Azienda sanitaria provinciale di Enna fined 30,000 Euros for breaching Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR - Insufficient legal basis for data processing
Agenzia regionale protezione ambientale Campania (ARPAC) fined 8,000 Euros for breaching Art. 5 (1) f) GDPR, Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Coop Finnmark SA fined 38,600 Euros for breaching Art. 5 (1) a) GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
M.D. Anderson’s $4.3 Million Fine for Patient Data Loss Vacated
Caixabank S.A. fined 6,000,000 Euros for breaching Art. 6 GDPR, Art. 13 GDPR, Art. 14 GDPR - Insufficient legal basis for data processing
Unknown fined 10,000 Euros for breaching Art. 6 (1) GDPR, Art. 12 (3) GDPR, Art. 21 (1) GDPR - Insufficient legal basis for data processing
Unknown fined 38,600 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Enea S.A. fined 30,000 Euros for breaching Art. 33 (1) GDPR - Insufficient fulfilment of data breach notification obligations
notebooksbilliger.de fined 10,400,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Gveik AS fined 7,250 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing