Who has been fined for GDPR


Marriott also commented on the decision on their official website stating: “Marriott deeply regrets the incident.” UK – British Airways – €22,036,306 (£20,000,000). UPDATED: As a result of an attack on British Airways’ website, about 500,000 customer records were extracted by a malicious third party. As a result of a random audit, this taxi operator was found to have over 9 million personal records the company had stored unnecessarily. The CNIL (French Data Protection Authority) set a fine of €250,000 on SPARTOO. Instead, the company has been fined for the illegal surveillance of several hundred employees. This data processor was fined because they scraped the internet for public contacts, amassing data on 6 million people. Marriott International exposed itself to the cyber-attack after the acquisition of the Starwood hotels group. The company kept “excessive” records on the families, religions and illnesses of its workforce at its Nuremberg service centre, the German data protection watchdog found. United Kingdom – Doorstep Dispensaree – €320,000. Revealed personal information such as the national identification number and the postal address of the payment issuers to the payment recipients.
The Hamburg representative for data protection and freedom of information (HmbBfDI) imposed a fine of €35,258,707.95 on a German subsidiary of Swedish fashion retailer H&M Hennes & Mauritz AB. Bulgaria – National Revenue Agency – €2,600,000 (BGN 5,100,000). Marriott remains committed to the privacy and security of its guests’ information and continues to make significant investments in security measures for its systems, as the ICO recognizes. The Garante (Italy’s GDPR regulator) levied a substantial fine on Vodafone Italia after the telecommunications carrier was found to have unlawfully obtained purchased lists of over 4.5 million individuals, aggressively marketed to those individuals, and stored data about those individuals, all without proper consent. Italy – Eni Gas and Luce (EGL) – €3,000,000. This fine was not imposed for failure to protect customers, unlike many past cases including Marriott and British Airways. The Netherlands – Bureau Krediet Registration – €830,000. Sweden – Karolinska University Hospital – €396,000 (SEK 4,000,000). Norway – Bergen Municipality – €170,000 (NOK 1,700,000). The DPA stated that at least some of Wind Tre’s violations were not just accidental, but the result of willful misconduct. The violations affected over 700,000 customers between April 2016 and July 2017. This is the up-to-date list of the biggest GDPR fines so far, but the list is constantly changing, indicating a lot of activity from data protection authorities. The French DPA (CNIL) fined Google LLC and Google Ireland Limited a total of EUR 100 million for breaches against the French Data Protection Act regarding the placement of cookies. As a subcontractor to Wind Tre, Merlini operated a call center that recruited new customers for Wind Tre. Records of 6 million people were accessed in a security breach.
Interestingly, the Garante explained the rationale for the amount of the fine as follows: “In determining the amount of the amount in €600,000, the Authority took into account several elements, including the fact that the violations were committed against a significant number of people and that the bank — which did not suffer previous sanctioning measures by the Guarantor — following the data breach, adopted various measures and initiatives aimed at strengthening the security of its IT systems.” Germany – AOK Baden-Württemberg – €1,240,000. Google argued that the data controller was Google LLC in the US, not Google Belgium, and therefore the complaint targeted the wrong entity and should be dismissed. Spain – Banco Bilbao Vizcaya Argentaria – €5,000,000. The Austrian Post sold detailed personal profiles of approximately 3 million Austrians to various companies and political parties. The bank reported the violation to the Authority in July 2017. However, in May 2020, the company succeeded in appealing the decision, and the Austrian Federal Administrative Court annulled the administrative penalty imposed by the Austrian Data Protection Authority due to procedural irregularities. Ticketmaster has been fined £1.25m for failing to keep the personal data of millions of customers secure. Google’s EU headquarters is based in Ireland, but it has been other EU countries (first France, then Sweden, and now Belgium) that have issued fines against Google for GDPR violations. TIM lacked policies, systems, and management to properly conduct operations. Further, the regulator determined that the company gave the false impression that it was processing the data legally. The country's supervisory authority, Comissão Nacional de Protecção de Dados, found that there were three violations of the GDPR.
Carrefour Banque failed to comply with the obligation to process personal data fairly, the obligation to provide notice in an easily accessible form using clear and plain language and in a comprehensive manner, and failed to adhere to requirements for web browser cookies. Sweden – City of Stockholm Board of Education – €396,000 (SEK 4,000,000). The Italian Garante (Data Protection Authority) fined a bank €600,000 for several violations that occurred before the GDPR came into force. An interesting aspect of the faults found in SIM activation was that Iliad used cameras that could capture images of people passing by, not just images of the person doing the transaction. The DPA ruled that the two entities act as one, and that the complaint was therefore valid. The Swedish Data Protection Authority fined Aleris Närsjukvård AB SEK 12 million because the organization did not perform a risk analysis of the Take Care and the National Patient Overview systems before determining staff permissions to access patient records, and for not limiting staff access to these medical records to the minimum required. The DPA ruled these restrictions unreasonable. Sweden – Aleris Sjukvård AB – €1,188,000 (SEK 12,000,000). As the DLA Piper report states: “Supervisory authorities across Europe have been staffing up their enforcement teams and getting to grips with the new regime.” The online events ticket seller failed to put “appropriate security measures in place” to prevent a cyber-attack on a chat-bot installed on its online payment page, the Information Commissioner’s Office (ICO) in the UK said. Since the report, the numbers have gone up. What remains to be seen is whether other data protection authorities will follow. Since we don’t want to repeat ourselves (too much), you can read more about GDPR fines in general in our glossary.
A hacker discovered the vulnerability and reported it to the controller, but the controller did not act. The first was for three instances in which information about children was wrongly disclosed to unauthorized parties. Twitter has been fined 450,000 euro (£411,000) by the Irish Data Protection Commission (DPC) in a landmark ruling over a violation of European data privacy rules. It was possible to reach databases containing personal data through the homepage, and the controller failed to encrypt the database. H&M has been fined €35.3m (£32.1m) for the illegal surveillance of several hundred employees. The Swedish Data Protection Authority found the Board of Education in the City of Stockholm responsible for violating several aspects of the GDPR, including school surveillance, student documentation, the administration interface, and the home page for guardians. The report continues with the highest GDPR fines among EU member states, with France, Austria, and Germany as leading countries that issued the biggest GDPR fines so far, but with mostly one big penalty. The BKR had required a written request, accompanied by a copy of the person’s passport, allowable only once per year, and even then, the response time would be “within 28 days.” Quicker response times required a paid subscription. We want to give people a way to know who was fined, when, and why. Twitter has been fined €450,000 by the Data Protection Commission for a data breach, marking the first time the regulator has penalised a big tech company under European GDPR rules. The fine was related to the cyber attack, in which personal data of over 339 million guest records were exposed. UPDATED: Personal information was available to anyone who provided the name and date of birth of a customer. z o. o.
just under PLN 2 million because the carrier conducted only infrequent and limited, rather than regular and comprehensive tests, measurements, and evaluations of the technical and organizational measures used to guarantee data security. The hack was ongoing from 2014 to 2018. The activities involved: improper management of consent lists; excessive data retention; data breaches; lack of proper consent; violation of GDPR rights. This information included personal and contact data, profession, level of study, identification details of an identification document and information relating to employer, salary, loan amount, payment status, “approximation of the customer’s credit rating,” and IBAN code. The Data Protection Authority of Sweden fined Google for failing to remove the personal information of various individuals who had requested exclusion from Google search results. (The ICO proposed a fine of €123,000,000 / £99,000,000 in July 2019, but a much lower amount was finalized in October 2020.) Industry: Child Protection. The child and family agency, Tusla, has become the first organization in the State fined for a breach of the General Data Protection Regulation (GDPR). A customer’s personal information — including not just the customer’s name, contact information, etc, but also the reason for withdrawing money from an account — was circulated among bank staff. BBVA was fined €5 million by the Spanish AEPD (Data Protection Authority) for using imprecise wording to define the privacy policy, providing insufficient information about the types of personal data processed, failing to obtain consent before sending promotional text messages to a customer, and lacking a mechanism to obtain customer consent. The regulator determined that there was an imbalance of power in the company-employee relationship, and that the consent was therefore not binding.
January 15, 2020, was a critical day for Italian telecommunications operator TIM. These sponsors then contacted some of the members by mail and telephone for marketing purposes. Here are the biggest GDPR fines of 2020 so far: 1. This included 5 million unencrypted passwords and 8 million credit card records. The company did not delete information of dormant customers, and continued sending unsolicited advertising emails. Research from the beginning of the year, the DLA Piper GDPR data breach survey of January 2020, reported there had been 160,921 personal data breaches within the EEA, from May 25, 2018, up until January 2020. Portugal – Hospital near Lisbon – €400,000. The Information Commissioner fined this pharmacy operator €320,000 for failing to ensure information security – specifically, storing approximately 500,000 documents containing personal data including medical information in unsealed containers placed behind a building, resulting in water damage to the documents. In July 2019, ICO issued an intent to fine Marriott International more than £99 million for infringements of the GDPR. The sum depends on the severity of the GDPR breach and factors including the level of cooperation of the company involved. The original fine of €9,550,000 issued in December 2019 was reduced to €900,000 in November 2020 because “the fault of the telecommunications service provider is minor.” UK – Marriott – €20,394,000 (£18,400,000). UPDATED: After acquiring its competitor Starwood, Marriott discovered Starwood’s central reservation database had been hacked. Romania – UNICREDIT BANK – €130,000 (RON 613,912). Denmark – Taxa 4X35 – €160,000 (DKK 1,200,000). Greece – Pricewaterhouse Coopers (PwC) – €150,000. In 2018, GDPR enforcement actions began trickling out from various EU data protection agencies.
A local business had a CCTV camera capturing too much public space. Twitter has been fined EUR 450,000 by Ireland's Data Protection Commission (DPC) for a breach of the EU's GDPR regulations. This failure broke data protection law and, subsequently, BA was the subject of a cyber-attack during 2018, which it did not detect for more than two months.” The company had inadequate security mechanisms to prevent such cyber-attacks from happening. The Hellenic Data Protection Authority imposed a fine because this company did not inform data subjects that their data would be processed and stored on company servers, failed to impose technical measures to secure the processing of this data, and failed to separate the software from the data, possibly allowing companies outside the Aegean Marine Petroleum Group to access these servers and the personal data on those servers. Any organization that is not GDPR compliant, regardless of its size, faces a significant liability. The Swedish Data Protection Authority fined Capio St Göran’s Hospital SEK 3.5 million for not performing a risk analysis of two medical records systems before determining staff permissions to access patient records, for not limiting staff access to these medical records to the minimum required, and for not having logs of document access about patient records. GDPR fines in other parts of Europe. The CNIL (the French Data Protection Authority) imposed a fine of €2,250,000 on Carrefour France and a fine of €800,000 on Carrefour Banque for violating the GDPR and Article 82 of the French Data Protection Act. After more than a year, there is finally a conclusion to the ICO investigation: the fine has been settled, down from a massive £99 million to £18.4 million.
The Italian Data Protection Authority (Garante) fined TIM, a telephone network operator, for a variety of unlawful actions associated with marketing and advertising campaigns affecting several million people. Tens of thousands of bank customer records were stolen because of poor system design and process execution. La Liga used the information to sue 600 bars for pirating soccer games. The online retailer violated multiple articles of the GDPR, including a) the principle of data minimization (by recording the full calls of customer service reps, and by collecting too much information in multiple redundant formats); b) the obligation to limit data retention (by keeping call recordings permanently, retaining prospect data for 5 years instead of 2, and retaining pseudo-anonymized and non-anonymized email addresses and passwords beyond 5 years); c) the obligation to inform individuals (by saying that ‘consent’ was the reason for data collection, when in fact contracts and business interests were other [unstated] reasons, and by not telling employees about what information they were collecting and why); d) the obligation to secure data (by not requiring strong passwords, and by keeping unencrypted scans of bank cards). They have contacted non-customers multiple times (certain numbers over 150 times per month) without proper consent or other legal bases. Sweden – Aleris Närsjukvård AB – €1,188,000 (SEK 12,000,000). The DPA determined that AOK sent marketing messages to 500 persons without consent, and that AOK took insufficient measures to protect personal data. Did not delete personal information, and continued telemarketing after being notified by consumers to stop. Germany – H&M Hennes & Mauritz – €35,258,708. The Italian Data Protection Authority (Garante) imposed two fines totaling €11.5 million on Eni Gas and Luce. In July 2019, ICO issued an intent to fine Marriott International more than £99 million for infringements of the GDPR.
The DPA stated that “A fingerprint cannot be replaced, unlike a password.” The Swedish Data Protection Authority fined Capio St Göran’s Hospital SEK 30 million for not performing a risk analysis before determining staff permissions to access patient records, and for not limiting staff access to these medical records to the minimum required. A 2016 data breach concerning 57 million Uber users, of which 174,000 were Dutch citizens, was not reported within 72 hours. The personal data of 35,000 student accounts was stolen even after warnings were issued to the organization. Twitter has been fined over a bug that made private tweets public, in a world-first for data protection laws. This is the first time a US-based tech firm has been fined in a cross-border case under Europe’s data privacy law that came into effect on May 25, … La Liga turned on user microphones in order to listen for sounds of the soccer game and match to any pirated stream using geolocation. 337,042 individuals were affected between February and December 2018. Interestingly, both the smallest and the biggest fine to this date were issued to Google. The second was for insufficient fulfillment of a data breach notification. Poland – Virgin Mobile Polska – €433,000 (PLN 1,968,524). Merlini was found to lack sufficient basis for processing personal data, and to lack sufficient contractual arrangements with Wind Tre. Employees of a commercial partner of the bank were able to access personal and sensitive information about the bank’s customers. However, the total amount of issued GDPR fines does not really follow those numbers. Netherlands – Royal Dutch Tennis Association – €525,000. Some of the data related to the health status of the people contacted, as well as offensive language.
HmbBfDI ruled that “the combination of research into private life and the ongoing recording of what activity they were engaged in led to a particularly intensive interference with the rights of those affected.” The company cooperated with HmbBfDI, apologized to employees, and offered to compensate affected employees. The issue became public after a technical error: the data on the company’s network drive was accessible to everyone in the company for a few hours, and the press picked up the news, making the Commissioner aware of the violation. The fine was related to the cyber attack, in which personal data of over 339 million guest records were exposed. Twitter Fined €450,000 Under GDPR Over ‘Protected’ Settings Bug. Sweden – Östergötland Region Regional Board – €247,000 (SEK 2,500,000). Twitter has been fined €450,000 after breaching GDPR rules. A Dutch hospital was fined over lax controls over logging and access to patient records. This list focuses on major fines of at least €100,000, rather than fines under €100,000 and those based on national laws and regulations. The ICO concluded that Marriott failed to undertake sufficient due diligence after the acquisition and should have implemented appropriate security measures. In those few months, the British Airways website diverted users’ traffic to a hacker website, which resulted in hackers stealing personal data of more than 400,000 customers. Google – €50 million ($56.6 million). Although Google’s fine is technically from last year, the company lodged an appeal against it. The Italian DPA fined Merlini €200,000. The Spanish Data Protection Agency imposed a fine on Vodafone España because the telephone operator was unable to prove that it had received consent from an individual to process that individual’s personal data, and was unable to prove that the individual had ordered service from the company.
The company kept "excessive" records on the families, religions and illnesses of … Note that the fine was issued in USD, and an estimate of the EUR value of the fine was included in the DPC’s report. Since then, fines have become a routine part of doing business in countries covered by the GDPR. Twitter fined $546,000 for violating the EU's GDPR privacy law, marking the first time a US firm has been penalized over the 2-year-old law. Cases include: a clinic which accidentally handed over a copy of a severely handicapped person’s ID card to the wrong patient; bank customers being able to see bank statements of third parties in online banking. A fine of over €16.7 million was imposed on Wind Tre, another mobile telecoms operator, by the Italian Garante (Data Protection Authority). Twitter International Company was fined USD 500,000 by the Data Protection Commission of Ireland because the company failed to report a 2018 data breach within the required 72 hours. Greece – Hellenic Telecommunications Provider, “OTE” – €200,000. Out of those 339 million individuals, 31 million were residents of the EEA. Call center operators entered data into a CRM system. Over 161,000 people were affected in 2019 alone. A few million individuals were affected by their aggressive marketing strategy. France: Giant fine against Amazon Europe Core. Twitter has been fined €450,000 for GDPR breaches. France – Futura Internationale – €500,000. That is a lot of sensitive information! The Italian Data Protection Authority (Garante) imposed two fines totaling €11.5 million on Eni Gas and Luce. To be fair, Germany had two multimillion fines topping a little over €24 million (€9.55 million GDPR fine for 1&1 Telecom and €14.5 million GDPR fine to Deutsche Wohnen SE).
The fine was therefore issued on account of a lack of transparency on how the data were harvested from data subjects and used for ad targeting. Major GDPR fine total in Euros (approximate due to currency conversion): Romania – Banca Transilvania SA (Transilvania Bank) – €100,000. The Authority rejected the tennis association’s argument that it had a legitimate business interest in selling the information. The Italian DPA Garante issued a €27.8 million GDPR fine for quite an extensive list of violations. Exposed personal information through poor security. The DPC’s investigation commenced in January of last year following receipt of a breach notification from Twitter. The Dutch Data Protection Authority (DPA) imposed a fine of €830,000 on the Dutch Credit Registration Bureau (BKR) for making it overly difficult and expensive for data subjects (i.e., people) to gain access to and have their information deleted. Violators of GDPR may be fined up to €20 million, or up to 4% of the annual worldwide … The fine would have been much higher, but the company cooperated closely with regulators to quickly address the issue.