
Enforcement

Regulatory actions, fines, warnings, and enforcement decisions


Tensa Art Design S.A: Insufficient cooperation with supervisory authority

€20,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 20,000 on Tensa Art Design S.A. The DPA began investigating the controller's data processing activities, but the controller failed to respond to the DPA's requests.

GENPACT ROMANIA SRL: Insufficient technical and organisational measures to ensure information security

€10,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 10,000 on GENPACT ROMANIA SRL. The controller suffered a successful cyber attack due to insufficient technical and organisational measures. The attacker was able to exploit vulnerabilities in some passwords and in the way user accounts' authentication could be reset.

Municipality of Eindhoven: Insufficient legal basis for data processing

€25,000 fine - Dutch Supervisory Authority for Data Protection (AP)

The Dutch DPA has imposed a fine of EUR 25,000 on the Municipality of Eindhoven. The controller, one of ten municipalities that were fined, processed data regarding the Islamic community in its municipality using a force field analysis, for which it employed an external processor. This processing took place at a time of heightened societal concern about Islamic extremism and terrorism. During this period, the Dutch government and the National Coordinator for Security and Counterterrorism stepped

Municipality of Veenendaal: Insufficient legal basis for data processing

€25,000 fine - Dutch Supervisory Authority for Data Protection (AP)

The Dutch DPA has imposed a fine of EUR 25,000 on the Municipality of Veenendaal. The controller, one of ten municipalities that were fined, processed data regarding the Islamic community in its municipality using a force field analysis, for which it employed an external processor. This processing took place at a time of heightened societal concern about Islamic extremism and terrorism. During this period, the Dutch government and the National Coordinator for Security and Counterterrorism steppe

Alliance for the Union of Romanians (AUR) Party: Insufficient fulfilment of data subjects rights

€1,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 1,000 on the Alliance for the Union of Romanians (AUR) Party. The controller failed to react adequately to a data subject's request to exercise their rights regarding a personal letter containing electoral information.

Municipality of Delft: Insufficient legal basis for data processing

€25,000 fine - Dutch Supervisory Authority for Data Protection (AP)

The Dutch DPA has imposed a fine of EUR 25,000 on the Municipality of Delft. The controller, one of ten municipalities that were fined, processed data regarding the Islamic community in its municipality using a force field analysis, for which it employed an external processor. This processing took place at a time of heightened societal concern about Islamic extremism and terrorism. During this period, the Dutch government and the National Coordinator for Security and Counterterrorism stepped up

Municipality of Hilversum: Insufficient legal basis for data processing

€25,000 fine - Dutch Supervisory Authority for Data Protection (AP)

The Dutch DPA has imposed a fine of EUR 25,000 on the Municipality of Hilversum. The controller, one of ten municipalities that were fined, processed data regarding the Islamic community in its municipality using a force field analysis, for which it employed an external processor. This processing took place at a time of heightened societal concern about Islamic extremism and terrorism. During this period, the Dutch government and the National Coordinator for Security and Counterterrorism stepped

Municipality of Huizen: Insufficient legal basis for data processing

€25,000 fine - Dutch Supervisory Authority for Data Protection (AP)

The Dutch DPA has imposed a fine of EUR 25,000 on the Municipality of Huizen. The controller, one of ten municipalities that were fined, processed data regarding the Islamic community in its municipality using a force field analysis, for which it employed an external processor. This processing took place at a time of heightened societal concern about Islamic extremism and terrorism. During this period, the Dutch government and the National Coordinator for Security and Counterterrorism stepped up

Municipality of Ede: Insufficient legal basis for data processing

€25,000 fine - Dutch Supervisory Authority for Data Protection (AP)

The Dutch DPA has imposed a fine of EUR 25,000 on the Municipality of Ede. The controller, one of ten municipalities that were fined, processed data regarding the Islamic community in its municipality using a force field analysis, for which it employed an external processor. This processing took place at a time of heightened societal concern about Islamic extremism and terrorism. During this period, the Dutch government and the National Coordinator for Security and Counterterrorism stepped up me

Municipality of Tilburg: Insufficient legal basis for data processing

€25,000 fine - Dutch Supervisory Authority for Data Protection (AP)

The Dutch DPA has imposed a fine of EUR 25,000 on the Municipality of Tilburg. The controller, one of ten municipalities that were fined, processed data regarding the Islamic community in its municipality using a force field analysis, for which it employed an external processor. This processing took place at a time of heightened societal concern about Islamic extremism and terrorism. During this period, the Dutch government and the National Coordinator for Security and Counterterrorism stepped u

Municipality of Gooise Meren: Insufficient legal basis for data processing

€25,000 fine - Dutch Supervisory Authority for Data Protection (AP)

The Dutch DPA has imposed a fine of EUR 25,000 on the Municipality of Gooise Meren. The controller, one of ten municipalities that were fined, processed data regarding the Islamic community in its municipality using a force field analysis, for which it employed an external processor. This processing took place at a time of heightened societal concern about Islamic extremism and terrorism. During this period, the Dutch government and the National Coordinator for Security and Counterterrorism step

Municipality of Haarlemmermeer: Insufficient legal basis for data processing

€25,000 fine - Dutch Supervisory Authority for Data Protection (AP)

The Dutch DPA has imposed a fine of EUR 25,000 on the Municipality of Haarlemmermeer. The controller, one of ten municipalities that were fined, processed data regarding the Islamic community in its municipality using a force field analysis, for which it employed an external processor. This processing took place at a time of heightened societal concern about Islamic extremism and terrorism. During this period, the Dutch government and the National Coordinator for Security and Counterterrorism st

Municipality of Zoetermeer: Insufficient legal basis for data processing

€25,000 fine - Dutch Supervisory Authority for Data Protection (AP)

The Dutch DPA has imposed a fine of EUR 25,000 on the Municipality of Zoetermeer. The controller, one of ten municipalities that were fined, processed data regarding the Islamic community in its municipality using a force field analysis, for which it employed an external processor. This processing took place at a time of heightened societal concern about Islamic extremism and terrorism. During this period, the Dutch government and the National Coordinator for Security and Counterterrorism steppe

Natural Person: Non-compliance with general data processing principles

€10,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 10,000 on a natural person. The controller operated a website on which identity cards containing personal data, including special category data, possible criminal convictions, data on the intimate lives of data subjects and possible debts, were published. The processing of this data was not based on a sufficient legal basis, and the controller did not ensure that the data was correct, complete or transparent. Furthermore, the controller did not adequate

Continental Automotive Products SRL: Insufficient technical and organisational measures to ensure information security

€15,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 15,000 on Continental Automotive Products SRL. The controller took insufficient technical and organisational measures, which led to a cyber incident.

Continental Automotive Products SRL: Insufficient technical and organisational measures to ensure information security

€15,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 15,000 on Continental Automotive Products SRL. The controller failed to implement adequate technical and organisational measures, resulting in a cyber incident.

Timegrip AS: Insufficient fulfilment of data subjects rights

€21,650 fine - Norwegian Supervisory Authority (Datatilsynet)

The Norwegian DPA has imposed a fine of EUR 21,650 on Timegrip AS. The controller had been tracking the working hours of employees at a company that went bankrupt. A former employee requested that the controller send the working hours to the data subject so that they could claim their unpaid wages from the bankruptcy estate. Furthermore, the bankruptcy estate itself requested the data, but the controller refused to send it to them.

PREMIER RESTAURANTS ROMANIA SRL: Insufficient technical and organisational measures to ensure information security

€8,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 8,000 on PREMIER RESTAURANTS ROMANIA SRL. The controller failed to implement adequate technical and organisational measures, resulting in a cyber incident.

PREMIER RESTAURANTS ROMANIA SRL: Insufficient technical and organisational measures to ensure information security

€8,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 8,000 on PREMIER RESTAURANTS ROMANIA SRL. The controller took insufficient technical and organisational measures, which led to a cyber incident.

Money Seeds S.R.L.: Insufficient fulfilment of data subjects rights

€2,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 2,000 on Money Seeds S.R.L. The controller failed to fulfil a data subject's request to exercise their rights.

Roumasport S.R.L: Insufficient technical and organisational measures to ensure information security

€10,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 10,000 on Roumasport S.R.L. The controller failed to implement adequate technical and organisational measures, resulting in multiple cyber incidents.

Roumasport S.R.L: Insufficient technical and organisational measures to ensure information security

€10,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 10,000 on Roumasport S.R.L. The company failed to implement sufficient technical and organisational measures, which led to multiple cyber incidents.

POLAND DPA: Insufficient cooperation with supervisory authority

€960 fine - Polish National Personal Data Protection Office (UODO)

POLAND DPA: Insufficient cooperation with supervisory authority

€960 fine - Polish National Personal Data Protection Office (UODO)

The Polish DPA (UODO) has fined a data controller EUR 1,450 for failing to provide information requested by the DPA during an investigation.

Order of General Nurses, Midwives and Medical Assistants of Romania – Neamt Branch: Non-compliance with general data processing principles

€2,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 2,000 on the Order of General Nurses, Midwives and Medical Assistants of Romania – Neamt Branch. The controller used video surveillance in a manner that was not in accordance with the GDPR.

Order of General Nurses, Midwives and Medical Assistants of Romania – Neamt Branch: Non-compliance with general data processing principles

€2,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 2,000 on the Order of General Nurses, Midwives and Medical Assistants of Romania, Neamt Branch. The controller used video surveillance in a manner that is not in accordance with the General Data Protection Regulation (GDPR).

NAROBESA INV, S.L.: Insufficient cooperation with supervisory authority

€1,600 fine - Spanish Data Protection Authority (AEPD)

The Spanish DPA has imposed a fine of EUR 1,600 on NAROBESA INV, S.L. The controller failed to react to requests made by the DPA. The original fine of EUR 2,000 was reduced to EUR 1,600 due to immediate payment.

NAROBESA INV, S.L.: Insufficient cooperation with supervisory authority

€1,600 fine - Spanish Data Protection Authority (AEPD)

The Spanish DPA has imposed a fine of EUR 1,600 on NAROBESA INV, S.L. The controller failed to respond to requests from the DPA. The original fine of EUR 2,000 was reduced to EUR 1,600 due to immediate payment.

4USPORT INSTALACIONES DEPORTIVAS, S.L.: Insufficient cooperation with supervisory authority

€600 fine - Spanish Data Protection Authority (AEPD)

The Spanish DPA has imposed a fine of EUR 300 on the company 4USPORT INSTALACIONES DEPORTIVAS, S.L. The company failed to respond to requests submitted by the DPA.

SPAIN DPA: Insufficient cooperation with supervisory authority

€300 fine - Spanish Data Protection Authority (AEPD)

The Spanish DPA has imposed a fine of EUR 300 on an unknown person or entity. The controller failed to respond to requests from the DPA.

BLUE TEAM FLIGHT SCHOOL, S.L.: Insufficient cooperation with supervisory authority

€6,000 fine - Spanish Data Protection Authority (AEPD)

The Spanish DPA has imposed a fine of EUR 6,000 on BLUE TEAM FLIGHT SCHOOL, S.L. The controller failed to respond to requests from the DPA.

BLUE TEAM FLIGHT SCHOOL, S.L.: Insufficient cooperation with supervisory authority

€6,000 fine - Spanish Data Protection Authority (AEPD)

The Spanish DPA has imposed a fine of EUR 6,000 on BLUE TEAM FLIGHT SCHOOL, S.L. The controller failed to react to requests made by the DPA.

4USPORT INSTALACIONES DEPORTIVAS, S.L.: Insufficient cooperation with supervisory authority

€600 fine - Spanish Data Protection Authority (AEPD)

The Spanish DPA has imposed a fine of EUR 300 on 4USPORT INSTALACIONES DEPORTIVAS, S.L. The controller failed to react to requests made by the DPA.

SPAIN DPA: Insufficient cooperation with supervisory authority

€300 fine - Spanish Data Protection Authority (AEPD)

The Spanish DPA has imposed a fine of EUR 300 on an unknown person/entity. The controller failed to react to requests made by the DPA.

Arnhem and Nijmegen University of Applied Sciences: Insufficient technical and organisational measures to ensure information security

€175,000 fine - Dutch Supervisory Authority for Data Protection (AP)

The Dutch DPA has imposed a fine of EUR 175,000 on Arnhem and Nijmegen University of Applied Sciences. The controller suffered a data breach due to insufficient technical and organisational measures.

Legal Entity: Insufficient legal basis for data processing

€75,474 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 75,474 on a legal entity. Without a sufficient legal basis, the controller installed software on an employee's work computer which allowed them to monitor all of the employee's activity on that computer, including private activity. The software also allowed the controller to monitor private communications via Facebook or email, as well as audio conversations. The entity was fined EUR 71,474, and the person responsible was fined EUR 4,000.

Crowd Entertainment Limited: Insufficient fulfilment of data subjects rights

€15,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 15,000 on Crowd Entertainment Limited. The company failed to respond adequately to a data subject's request to exercise their rights.

Crowd Entertainment Limited: Insufficient fulfilment of data subjects rights

€15,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 15,000 on Crowd Entertainment Limited. The controller failed to adequately react to a data subject's request to exercise their rights.

Legal Entity: Insufficient fulfilment of data subjects rights

€5,100 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 5,100 on a legal entity. The controller operated a website where natural persons could fill in their personal data in a form. The controller failed to ensure that the information referred to in Art. 13 GDPR was provided to the data subjects in an adequate manner. The entity was fined EUR 4,800, and the person responsible was fined EUR 300.

Compania de Apa Oltenia S.A.: Insufficient technical and organisational measures to ensure information security

€1,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 1,000 on Compania de Apa Oltenia S.A. The controller failed to implement adequate technical and organisational measures to ensure data security, resulting in personal data being leaked on social media.

Compania de Apa Oltenia S.A.: Insufficient technical and organisational measures to ensure information security

€1,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 1,000 on Compania de Apa Oltenia S.A. The controller failed to implement adequate technical and organisational measures to ensure data security, which resulted in personal data being leaked on social media.

Legal Entity: Insufficient technical and organisational measures to ensure information security

€1,300 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 1,300 on a legal entity. An employee of the controller stored personal data on her work laptop without securing it, for example by encrypting it, and took the laptop outside of the secured workspace, thereby allowing third parties to gain access to the data. The entity was fined EUR 1,000, and the person responsible was fined EUR 300.

Nițu A. Cleopatra – Expert Accountant: Insufficient technical and organisational measures to ensure information security

€2,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 2,000 on Nițu A. Cleopatra – Expert Accountant. This organisation was the target of a successful cyber attack as a result of insufficient technical and organisational measures to ensure data security.

Nițu A. Cleopatra – Expert Accountant: Insufficient technical and organisational measures to ensure information security

€2,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 2,000 on Nițu A. Cleopatra – Expert Accountant. The controller was the target of a successful cyber attack due to the inadequate technical and organisational measures in place to ensure data security.

Cucina di Fabio S.R.L.: Insufficient legal basis for data processing

€3,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 3,000 on Cucina di Fabio S.R.L. The controller was active in direct marketing activities, using personal data that had not been obtained on a sufficient legal basis.

Legal Entity: Insufficient legal basis for data processing

€6,600 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 6,600 on a legal entity. The controller used GPS trackers to systematically and indiscriminately monitor its employees' activities without sufficient legal basis. The entity was fined EUR 6,000, and the person responsible was fined EUR 600.

Cucina di Fabio S.R.L.: Insufficient legal basis for data processing

€3,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 3,000 on Cucina di Fabio S.R.L. The company was active in direct marketing and used personal data that had not been obtained on a sufficient legal basis.

Legal Entity: Insufficient technical and organisational measures to ensure information security

€16,650 fine - Slovenian Supervisory Authority (Informacijski pooblaščenec)

The Slovenian DPA has imposed a fine of EUR 16,650 on a legal entity. The controller stored personal data on a publicly accessible web server without taking sufficient technical and organisational measures. The server could be accessed via a unique URL without additional safeguards, such as a password login. The entity was fined EUR 16,250, and the person responsible was fined EUR 400.

Greencorp S.R.L.: Insufficient technical and organisational measures to ensure information security

€3,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 3,000 on Greencorp S.R.L. The controller failed to implement adequate technical and organisational measures to ensure data security, which resulted in a successful cyberattack.

Greencorp S.R.L.: Insufficient technical and organisational measures to ensure information security

€3,000 fine - Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

The Romanian DPA has imposed a fine of EUR 3,000 on Greencorp S.R.L. The controller failed to implement sufficient technical and organisational measures to ensure data security, which led to a successful cyberattack.