Examples of GDPR fines: what happens in data protection

GDPR violations are penalised with high fines. The first data protection fines totalling millions have also been enforced in Germany. Inspections by the data protection supervisory authorities are increasing, and an example of how fines are calculated can be found in the data protection fine concept of the DSK.

GDPR violations

Data protection supervisory authority

Tasks, powers and responsibilities of data protection supervisory authorities, in Europe and in Germany by federal state.

Record of processing activities

List of processing activities according to Art. 30 GDPR. Explained step by step with extensive information. Data protection made easy.

Technical organisational measures (TOMs)

All information on the technical organisational measures according to the GDPR. What do responsible parties have to observe during implementation and documentation?

WhatsApp and privacy

The messenger service WhatsApp is part of the Facebook group, to which Instagram also belongs. At the beginning of 2021, WhatsApp announced an adjustment of its privacy policy. What can users do?

Create a GDPR-compliant data processing agreement

All information on the data processing agreement according to GDPR. What do controllers have to consider when creating and managing?

Informational self-determination

The right to informational self-determination has increasing importance in the digital age and is directly related to data protection and the GDPR.

Data protection impact assessment

Detailed description of the data protection impact assessment pursuant to Article 35 of the GDPR as well as specifications for the practical implementation of the DPIA.

Data protection

Data protection is generally the protection of personal data of each individual against their unauthorised collection, processing and disclosure.

Examples of GDPR fines: what happens in data protection

GDPR infringements are punished with heavy fines. Find out which data protection infringements are suspected and secure yourself.

Data protection and data security while working from home

What do employers and employees need to be aware of? Concrete tips on data protection and advice on data security.

Use of social networks by public authorities

Social networks are often not GDPR compliant. Data protection and social media use in public authorities: important instrument or contradiction in terms?

Data breach at Klarna: Third party data visible

Entering a postcode and e-mail was sufficient to view third party data. The autofill function is to blame.

Data protection fine imposed on the Municipality of Oslo Education Authority

120.000 € because the security of the app "Skolemelding" for communication between school staff, parents and pupils was not guaranteed.

Privacy issues in 2020: Interview with the BfDI office

Learn more about: data processing by Facebook, Google & Co.; fines imposed by regulatory authorities; the impact of Brexit on data protection in Europe.

Data breach Microsoft customer records leaked

In December 2019, 250 million support requests to Microsoft were available online for two days. Security researchers reported the data breach to Microsoft.

End of support for Windows 7

As of 14.01.2020 there are no more security updates. Find out why this means a high risk for data protection and IT security.

British government published private addresses of stars

The British government publishes the addresses of around 1000 celebrities, politicians and private individuals who receive the traditional New Year's honours.

Data breach at Phoenix: sensitive data sent by pharmacies

An employee unintentionally sent delivery and turnover data of 211 pharmacies by fax. Data protection officers were involved.

Data failure in the district office Coburg

Allegedly deleted data on a hard drive came into circulation: Some 12,000 documents, e-mails and passwords were released.

Data breach employees fashion house H&M

The Swedish fashion house H&M is accused of having sounded out its employees. This also involved sensitive health data.

Data protection fine Swedish company

35,000 euros fine for violation of three Swedish laws at once. Information about creditworthiness published.

Highest data protection fine to date hits Delivery Hero

In August, the Berlin data protection commissioner had already imposed the highest German fine to date, amounting to 195,407 euros.

Data protection fine for the City of Oslo

EUR 50 000 fine for a serious infringement by the City of Oslo. Over a period of 11 years, patient data was incorrectly processed.

Documentation requirements of the GDPR

Documentation requirements of the GDPR: Every company must document data protection measures. But what exactly must be documented?

Data breach at frequent flyer programme Miles & More

Lufthansa's frequent flyer programme confirms a data breach. Thousands of users had access to other users' profiles.

BfDI imposes fine on Rapidata GmbH

No appointment of a data protection officer despite repeated requests. Expensive even for small companies.

BfDI imposes fine on telecommunications service provider

1&1 Telecom GmbH has to pay a fine of EUR 9,550,000 for insufficient technical and organisational measures.

GDPR ruling video surveillance medical practice

Data protection and video surveillance: How can you apply the BVerwG ruling to your practice?

Data protection fine for hospital in Rhineland-Palatinate

In addition to various data protection violations, one patient was mixed up with another when he was admitted to the hospital.

Fines imposed on public bodies in Belgium

Data used without permission for election campaigns. You can read about why the Belgian supervisory authority punishes public bodies particularly severely in the article.

Data breach patient data sent to wrong recipient

Nationwide NDR survey revealed that patient data is sent to the wrong recipients. Now data protection is threatened with a fine.

Data breach in medical practice: patient data online

Patient data of a medical practice publicly accessible for several months. The reason was a weakness of the router used.

Data protection fine la Tribuna de Pamplona Spain

The portal La Tribuna de Cartagena published information about a person who was the victim of a crime in 2018 without their consent.

Data protection fine due to revocation of consent

To what extent did the company that was punished violate the GDPR? What must be taken into account when revoking consent?

Million Euro fine against Deutsche Wohnen

On 05.11.2019, the Berlin data protection authority imposed a fine in an unprecedented amount. Deutsche Wohnen is to pay 14.5 million euros.

Fine imposed on Romanian company Artmark Holding SRL

The reason was the transmission of advertising messages by e-mail without the express and unambiguous consent of the persons concerned.

Polish fine public body

40,000 zloty against the Mayor of the City of Aleksandrów Kujawski. A reduction of the fine is not possible due to bad cooperation.

Fines against Raiffeisen Bank and Vreau Credit

The two organisations checked the creditworthiness of individuals. Personal information was exchanged using WhatsApp.

Fines against Elefant Online

Fines for Elefant Online SA for e-mail communication that does not comply with the GDPR. What specific infringements caused the fine?

Romanian fine Inteligo Media

Fines for Inteligo Media SA for e-mail communication that does not comply with the GDPR. What specific infringements caused the fine?

Controllers for processing according to GDPR

The role of the controller is precisely defined in the GDPR. Find out in the article which tasks and duties the controller has.

18 million fine imposed on Österreichische Post AG

What specific infringements of the GDPR is ÖPAG accused of? You will find all information in the article. Read now and learn from the mistakes of others.

Data breach at UniCredit

The Italian bank UniCredit is the victim of a hacker attack. Around three million names, e-mail addresses and telephone numbers were captured.

Data breach at Adobe

Due to a security vulnerability, 7.5 million data of users of the Creative Cloud were publicly accessible. Read what you should be aware of now.

DSK data protection fine concept

The German fine model is intended to ensure greater transparency as well as systematic and comprehensible calculation of fines.

Data breach at Mercedes Benz

Several customers of the Mercedes-Me application were temporarily shown the data of other users. Only customers from the USA were affected.

30.000 Euro fine for defective cookie banner

Shortly after the ruling of the European Court of Justice, the Spanish regulatory authority imposed the first fine on the airline Vueling.

Data breach and fine for Greek company

The Greek data protection authority has imposed a fine of EUR 200 000 on the telecommunications operator OTE.

Data breach at the city council of Magdeburg

The cause is the failure of computer programs. No personal data has been passed on to third parties, the data protection commissioner of the state of Saxony-Anhalt has been informed.

ECJ ruling on data protection and cookies

Judgement of the European Court of Justice strengthens consumer rights: Cookies only with voluntary active consent.

Data breach at Deutsche Bahn

In front of the Düsseldorf airport train station several boxes of files were found, which contained data of employees and passengers.

The new Federal Data Protection Act

All information on the Federal Data Protection Act (BDSG-neu) and how it differs from the General Data Protection Regulation (GDPR).

Data Protection Officer

When do companies have to appoint a data protection officer? Learn about the tasks and position of a data protection officer.

Microsoft Office 365 data protection under criticism

Microsoft Office 365 is questionable from a data protection perspective. Recently, its use in schools has been under criticism. What you need to consider when using it to avoid high data protection risks can be found in the article.

Data breach: police headquarters Neubrandenburg

Police officer confuses e-mail address with press distribution list and sends to 158 media representatives at the request of a private individual.

Data breach in Ecuador

Personal data of 17 million people from Ecuador was published online on Elasticsearch servers. Also included was information about Wikileaks founder Julian Assange.

Data breach: health data

Highly sensitive medical data was stored worldwide on servers without password protection. The approximately 16 million data records come from 50 countries worldwide. In Germany, 13,000 patients are affected.

Data breach: Facebook phone numbers

Around 420 million data records, including telephone numbers of Facebook users, primarily from the USA, Great Britain and Vietnam, were freely accessible on the Internet.

Apple iPhone data breach

Apple's iPhones could apparently be spied on for more than 2 years. For example, a woman claiming to be Chinese spyware...

Swiss health insurance company sends statements incorrectly

Once again, CSS billing data has been sent to the wrong customers via the online portal of the Swiss health insurance company.

Data failure Bavarian Red Cross

The State Office for Data Protection Supervision has started investigations against the BRK regarding a possible transfer of health data to Facebook.

Data breakdown school Sweden

The Swedish Data Protection Agency imposes its first fine for GDPR violation on a school in Skelleftea.

Data breach Mastercard

Data such as mobile phone numbers, addresses and birthdays of almost 90,000 customers of the bonus program Priceless Specials have appeared on the Internet.

Data protection breakdown affects police officers

Data breakdown at the police in Thuringia. In the Unstrut-Hainich office, personal data of 134 police officers were transmitted unencrypted.

Ban on photography in schools not due to GDPR

The ban on photography in public institutions is not a consequence of the General Data Protection Regulation. Uncontrolled publication is a cause for concern.

Anonymised Internet data is often not secure

The Federal Data Protection Commissioner calls for more reliability and clarity with regard to anonymised Internet data. Learn more.

Data breach Biometric data

Serious data breach at Suprema, the Korean security solutions manufacturer. Fingerprint and facial recognition data was publicly available.

Plauen District Office Office Protection of the Constitution

Personal data of citizens who registered for meetings were reported. A violation of data protection and freedom of assembly.

Twitter user data advertisers

Information on the country code and whether and when ads were viewed was passed on. According to Twitter, the data mishap was fixed on 05.08.2019.

Data breach at the E3 games fair

The list contained 2000 records of trade visitors. Journalist Sophia Narwitz drew attention to the data discrepancy in a YouTube video.

Apple recordings for map services

Find out when Apple plans to include which regions and what you can do if you don't want your privacy to be affected.

100 million records stolen from US bank

Most of the data captured by a hacker attack originates from credit card applications and existing credit cards of the bank's customers.

Fines reach energy sector

Fines imposed by data protection authorities reach the energy sector. The Italian data protection authority imposed a fine of 2 million euros.

Data protection and freedom of the press

In Germany, freedom of the press is regulated by the media privilege. Read more about the rights and duties of journalists in the article.

Security incident in hospital IT

As a result, data was encrypted by the malware and hospital operations were significantly impaired.

Facebook fine $5 billion

The unauthorised processing of Facebook user data by Cambridge Analytica resulted in financial fines and structural changes.

Data breach on Facebook Messenger for kids

Facebook Messenger Kids allows kids to chat with parent-approved users. A technical error made it possible to chat with strangers.

Data breach at the city of Winsen

For eight months, a list of persons banned from the official building was publicly available on the website.

Data breach at the Gütersloh Job Center

Data breakdown at the Gütersloh Job Center: unshredded files were disposed of in blue paper bins and were accessible to everyone.

Massive data breach at the Russian secret service

Data leak at the Russian secret service FSB: Hackers are said to have stolen data on current projects and operations from the Moscow spy agency.

Data leak at petition platform WeAct

According to the operator of a petition platform Campact, lists of signatories were publicly accessible due to a technical error.

Dutch fine against hospital

The Dutch supervisory authority imposed a fine on Haga Hospital for insufficient security of patient records.

Data breach at LKA Lower Saxony

Already on 08.05.2019, a briefcase containing highly sensitive information is said to have been stolen from a private car by an official of the LKA.

110 million Euro fine for Marriott hotel chain

At the end of 2018 a hacker attack on the hotel chain became known. Presumably 339 million customer data were compromised.

15.000€ for hotel because of photographed breakfast list

15,000 euros for a hotel in Romania because a third party photographed and published online a list with data of 46 hotel guests.

GDPR fine for British Airways

200 million fine for British Airways: the first fine enforced in the United Kingdom is surprisingly high, and the airline has announced an appeal.

Data Protection Breaches

When is an incident reportable? How can the risk be reduced? How to report data breaches correctly in accordance with the GDPR.

25,000 patient files found in empty building

25,000 patient files found in a vacant clinic building.

Fines enforced to date by supervisory authorities

These fines were enforced by regulatory authorities. Learn what went wrong and what you can do better yourself.

Google stores location data of Android users

Google stores location data of Android users - even if you have to assume that this is not actually done.

Collection #1 Hack - What you have to do now

773 million e-mail addresses and 21 million different passwords for online services used worldwide have been discovered in underground forums in the Dark Net these days. According to experts, the list of stolen user information is structured in such a way that it is ideally suited for the implementation of the hacker attack "Credential Stuffing" (filling in login data).

Customer data visible at Amazon

Amazon makes email addresses in Europe and the USA visible.

Salary data of a social club published

Authority loses social data of an association. Personal information accessible via the Internet should be placed securely online.

Data breach at the FDP Saxony

Party sends false member data.

General Data Protection Regulation EU-GDPR

Content and application of the EU Data Protection Regulation: Basic principles, data subject rights, obligations for companies.

Quotes on digitalisation, data protection and IT security

What do people of influence say about data protection, the commercial use of our data and emerging technologies of digitalisation?
Caroline Schwabe