government healthcare social media service provider fine education finance dark web retail law enforcement web telecoms travel manufacturing phama operating system insurance legal charity app tech gaming transport publishing utilities
story hacked malware unauthorised access ransomware vulnerability accidental disclosure phishing unsecured database poor security insider threat unsecured server hacked email lost device website hacked identity theft stolen documents ddos Trojans financial inside job spear phishing RDP spyware skimming
cyber attack privacy breach notification security flaw legislation poor operations user credentials physical security customer data third party Cryptocurrency enforcement email hacked insecure storage court action encryption fraud VPN passwords zero day state hacking 3rd parties employee data remote working stolen data

Västerbotten Region fined 243,800 Euros for breaching Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR - Insufficient technical and organisational measures to ensure information security
Östergötland Region fined 243,800 Euros for breaching Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR - Insufficient technical and organisational measures to ensure information security
Dr Marín Cirugia Plástica, S.L.P. fined 2,400 Euros for breaching Art. 13 GDPR - Insufficient fulfilment of information obligations
Aleris Sjukvård AB fined 1,463,000 Euros for breaching Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 32 (1) GDPR, Art. 32 (2) GDPR - Insufficient technical and organisational measures to ensure information security
Losada Advocats S.L. fined 10,000 Euros for breaching Art. 5 (1) f) GDPR, Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Asociación de Víctimas por Arbitrariedades Judiciales, (JAVA) fined 5,000 Euros for breaching Art. 6 (1) GDPR - Insufficient legal basis for data processing
Comercio Online Levante, S.L. fined 3,000 Euros for breaching Art. 5 (1) f) GDPR, Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Servicio de Alojamientos Responsables, S.L. fined 6,000 Euros for breaching Art. 6 (1) GDPR - Insufficient legal basis for data processing
Südameapteegi e-apteek fined 100,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Apotheka e-apteek fined 100,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Private Individual fined 1,200 Euros for breaching Art. 5 (1) a) GDPR - Non-compliance with general data processing principles
Charly Mike s.r.l. fined 3,000 Euros for breaching Art. 5 (1) a) GDPR, Art. 13 GDPR - Insufficient legal basis for data processing
Concentrix Cvg Italy s.r.l. fined 20,000 Euros for breaching Art. 5 (1) a), c) GDPR, Art. 6 (1) b), c) GDPR, Art. 9 (1) b) GDPR - Insufficient legal basis for data processing
Reti Televisive Italiane S.p.a. fined 10,000 Euros for breaching Art. 5 (1) a) GDPR - Non-compliance with general data processing principles
Private Individual fined 1,500 Euros for breaching Art. 6 GDPR, Art. 25 GDPR - Insufficient legal basis for data processing
Miraclia Telecomunicaciones S.L. fined 40,000 Euros for breaching Art. 6 GDPR, Art. 13 GDPR, Art. 14 GDPR - Insufficient legal basis for data processing
Gnosjö Municipality fined 19,500 Euros for breaching Art. 5 GDPR, Art. 6 GDPR, Art. 13 GDPR, Art. 35 GDPR, Art. 36 GDPR - Insufficient legal basis for data processing
City of Stockholm fined 394,000 Euros for breaching Art. 5 GDPR, Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Burgo Group S.p.A fined 20,000 Euros for breaching Art. 5 GDPR, Art. 13 GDPR - Non-compliance with general data processing principles
Recambios Villalegre S.L. fined 12,000 Euros for breaching Art. 6 GDPR, Art. 13 GDPR - Insufficient legal basis for data processing
Vodafone España, S.A.U. fined 36,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Unknown fined 28 Euros for breaching Art. 5 (1) d) GDPR - Non-compliance with general data processing principles
Carrefour France fined 2,250,000 Euros for breaching Art. 5 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 15 GDPR, Art. 17 GDPR, Art. 21 GDPR, Art. 32 GDPR, Art. 33 GDPR - Non-compliance with general data processing principles
Carrefour Banque fined 800,000 Euros for breaching Art. 5 GDPR - Non-compliance with general data processing principles
Anmavas 61, S.L. fined 2000 Euros for breaching Art. 58 GDPR - Insufficient cooperation with supervisory authority
Comune di Collegno fined 2000 Euros for breaching Art. 12 GDPR, Art. 13 GDPR, Art. 14 GDPR - Insufficient fulfilment of data subjects rights
Provincial Health Authority of Cosenza fined 30,000 Euros for breaching Art. 9 GDPR - Insufficient legal basis for data processing
Vodafone España, S.A.U. fined 42,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Homeowners Association fined 1,600 Euros for breaching Art. 5 (1) c) GDPR - Non-compliance with general data processing principles
Unknown fined 1,500 Euros for breaching Art. 5 GDPR, Art. 6 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 30 GDPR, Art. 37 (5) GDPR, Art. 37 (7) GDPR - Non-compliance with general data processing principles
Ticketmaster UK Limited fined 1,405,000 Euros for breaching Art. 5 (1) f) GDPR, Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Ticketmaster fined £1.25m for losing UK customers' payment card details | Science & Tech News | Sky News
OCR Settles Eleventh Investigation in HIPAA Right of Access Initiative | HHS.gov
Vodafone Italia S.p.A. fined 12,251,601 Euros for breaching Art. 5 (1), (2) GDPR, Art. 6 (1) GDPR, Art. 7 GDPR, Art. 15 (1) GDPR, Art. 16 GDPR, Art. 21 GDPR, Art. 24 GDPR, Art. 25 (1) GDPR, Art. 32 GDPR, Art. 33 GDPR - Non-compliance with general data processing principles
Vodafone España, S.A.U. fined 42,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing
Telecoms provider (1&1 Telecom GmbH) fined 900,000 Euros for breaching Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Miguel Ibáñez Bezanilla, S.L. fined 3,000 Euros for breaching Art. 13 GDPR, Art. 32 GDPR - Insufficient technical and organisational measures to ensure information security
Xfera Moviles S.A. fined 20,000 Euros for breaching Art. 31 GDPR - Insufficient legal basis for data processing
Data Protection Commission Fine on Tusla Child and Family Agency Confirmed in Court | 04/11/2020 | Data Protection Commission
Telefonica Moviles Espana, S.A.U. fined 75,000 Euros for breaching Art. 5 GDPR, Art. 6 GDPR - Insufficient legal basis for data processing