FINES ISSUED | Global Data Protection Agency

DATA BREACH FINES ISSUED TO DATE WORLDWIDE

€

Country:

Date:

Industry:

Country	Authority	Date	Currency	Amount	Against	Legal Basis	Industry	Details	Entry ID	Details
Romania	Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)	18/01/2023	EUR €	1,000	Dante Internațional SA	Art. 17 GDPR	Retail	Insufficient fulfilment of data subjects rights	6687
Spain	Spanish Data Protection Authority (aepd)	16/01/2023	EUR €	600	Private individual	Art. 5 (1) c) GDPR, Art. 13 GDPR	Private Citizen	Non-compliance with general data processing principles	6684
Spain	Spanish Data Protection Authority (aepd)	16/01/2023	EUR €	56,000	Vodafone España, S.A.U.	Art. 6 (1) GDPR	Telecommunications	Insufficient legal basis for data processing	6685
Spain	Spanish Data Protection Authority (aepd)	16/01/2023	EUR €	40,000	Thomas International Systems, S.A.	Art. 9 GDPR	Technology	Insufficient legal basis for data processing	6686
Spain	Spanish Data Protection Authority (aepd)	13/01/2023	EUR €	1,000	EDITORIAL RIBADEO S.L.	Art. 58 (2) GDPR	Other	Insufficient cooperation with supervisory authority	6682
Greece	Hellenic Data Protection Authority (HDPA)	13/01/2023	EUR €	50,000	Intellexa SA	Art. 31 GDPR	Financial Services	Insufficient cooperation with supervisory authority	6683
Romania	Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)	12/01/2023	EUR €	2,000	BRISTOL LOGISTICS SA	Art. 32 (1) b) GDPR, Art. 32 (2) GDPR	Transportation/Logistics	Insufficient technical and organisational measures to ensure information security	6680
Spain	Spanish Data Protection Authority (aepd)	12/01/2023	EUR €	3,000	SERVICIOS INTEGRALES DEL HOGAR TENERIFE, S.L.	Art. 6 (1) GDPR	Other	Insufficient legal basis for data processing	6681
Spain	Spanish Data Protection Authority (aepd)	10/01/2023	EUR €	120	Homeowners Association	Art. 13 GDPR	Other	Insufficient fulfilment of information obligations	6678
Spain	Spanish Data Protection Authority (aepd)	10/01/2023	EUR €	300	Private individual	Art. 5 (1) c) GDPR	Private Citizen	Non-compliance with general data processing principles	6679
Country		Date					Industry

TRUST IS THE NEW CURRENCY ®