Enforcement

€75,474 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 75,474 on a legal entity. Without a sufficient legal basis, the controller installed software on an employee's work computer which allowed them to monitor all of the employee's activity on that computer, including private activity. The software also allowed the controller to monitor private communications via Facebook or email, as well as audio conversations. The entity was fined EUR 71,474, and the person responsible was fined EUR 4,000.

€5,100 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 5,100 on a legal entity. The controller operated a website where natural persons could fil in their personal data in a form. The controller failed to ensure that the Informations referred to in Art. 13 GDPR was provided to the data subjects in an adequate manner. The entity was fined EUR 4,800, and the person responsible was fined EUR 300.

€1,300 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 1,300 on a legal entity. An employee of the controller stored personal data on her work laptop without securing it, for example by encrypting it, and took the laptop outside of the secured workspace, thereby allowing third parties to gain access to the data. The entity was fined EUR 1,000, and the person responsible was fined EUR 300.

€6,600 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 6,600 on a legal entity. The controller used GPS trackers to systematically and indiscriminately monitor its employees' activities without sufficient legal basis. The entity was fined EUR 6,000, and the person responsible was fined EUR 600.

€16,650 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 16,650 on a legal entity. The controller stored personal data on a publicly accessible web server without taking sufficient technical and organisational measures. The server could be accessed via a unique URL without additional safeguards, such as a password login. The entity was fined EUR 16,250, and the person responsible was fined EUR 400.

€500 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 500 on a sole trader. The controller failed to react to a request by the DPA within the set 10-day period.

€11,614 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 11,614 on a legal entity. The controller did not delete the email address of a former employee, but rather continued to receive and process all emails sent to that address without a sufficient legal basis. The entity was fined EUR 10,614, and the person responsible was fined EUR 1,000.

€5,810 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 5,810 on a legal entity. The controller employed a person authorised to perform clerical work. However, this person used a data processor to process personal data without a data processing agreement. The legal entity was fined €5,610, and the person responsible within the entity was fined €200.

€5,020 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 5,020 on a legal entity. The controller had developed an application that allowed the exchange of personal data, but failed to implement technical measures to protect the programming interface when switching from the test environment to the production environment. This resulted in a data breach affecting approximately 100,000 users. The entity was fined EUR 4,820, and the person responsible was fined EUR 200.

€2,200 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 2,200 on a legal entity. An employee of the company forwarded health data to a lawyer without sufficient grounds. The company was fined EUR 2,000, while the employee was fined EUR 200.

€16,000 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 16,000 on a sole trader. The controller rented out apartments to tenants and installed video surveillance inside them.

€1,000 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 1,000 on a sole trader. The controller published personal data on a website without a legal basis and despite being subject to a contractual prohibition.