The original fine of €9,550,000 issued in December 2019 was reduced to €900,000 in November 2020 because “the fault of the telecommunications service provider is minor.” UK – Marriott – €20,394,000 (£18,400,000). UPDATED: After acquiring its competitor Starwood, Marriott discovered Starwood’s central reservation database had been hacked. The Swedish Data Protection Authority fined Karolinska University Hospital SEK 4 million for not performing a risk analysis of the Take Care system before determining staff permissions to access patient records, and for not limiting staff access to these medical records to the minimum required. Call center operators entered data into a CRM system. There are also some GDPR fines (7 in total) where the amounts were not made public, so we cannot include them. Carrefour Banque failed to comply with the obligation to process personal data fairly, the obligation to provide notice in an easily accessible form using clear and plain language and in a comprehensive manner, and failed to adhere to requirements for web browser cookies. These included making unsolicited promotional calls, enrolling people in prize competitions without their consent, and ignoring do-not-call exclusion requests even after 155 calls were made to one individual. Because some fines are adjusted by regulators, we show the date of the final resolution. H&M has been fined €35.3m (£32.1m) for the illegal surveillance of several hundred employees. We want to give people a way to know who was fined, when, and why. Poland – Virgin Mobile Polska – €433,000 (PLN 1,968,524). The violations affected over 700,000 customers between April 2016 and July 2017. 337,042 individuals were affected between February and December 2018.
The Polish Data Protection Authority fined VMP Sp. In their penalty notice, the ICO explains the reasons behind the decision, taking into account a range of mitigating factors and the impact of the Covid-19 pandemic. The Finnish Office of the Data Protection Ombudsman’s sanctions board fined the national postal service for disclosing personal information to organizations that used the personal information to send direct marketing and advertising materials, and for not notifying individuals that their data might be used in such a way. The system contained sensitive information about former and current tenants. Yes – since GDPR was implemented in May 2018, the ICO (the UK’s independent national data protection authority) has been busy taking action against over 100 organisations in both the private and public sector. The online retailer violated multiple articles of the GDPR, including a) the principle of data minimization (by recording the full calls of customer service reps, and by collecting too much information in multiple redundant formats); b) the obligation to limit data retention (by keeping call recordings permanently, retaining prospect data for 5 years instead of 2, and retaining pseudo-anonymized and non-anonymized email addresses and passwords beyond 5 years); c) the obligation to inform individuals (by saying that ‘consent’ was the reason for data collection, when in fact contracts and business interests were other [unstated] reasons, and by not telling employees about what information they were collecting and why); d) the obligation to secure data (by not requiring strong passwords, and by keeping unencrypted scans of bank cards).
The Garante (Italy’s GDPR regulator) levied a substantial fine on Vodafone Italia after the telecommunications carrier was found to have unlawfully obtained purchased lists of over 4.5 million individuals, aggressively marketed to those individuals, and stored data about those individuals, all without proper consent. Google’s EU headquarters is based in Ireland, but it has been other EU countries—first France, then Sweden, and now Belgium—that have issued fines against Google for GDPR violations. Revealed personal information such as the national identification number and the postal address of the payment issuers to the payment recipients. Dutch employee insurance service provider UWV did not apply multi-factor authentication when granting access to the online employer portal, so security was deemed insufficient. The breach impacted 30 million EU residents. As the DLA Piper report states: “Supervisory authorities across Europe have been staffing up their enforcement teams and getting to grips with the new regime.” Norway – Oslo Municipal Education Department – €200,000 (NOK 2,000,000). Denmark – IDdesign – €180,000 (DKK 1,500,000). A few million individuals were affected by their aggressive marketing strategy. Twitter has been fined 450,000 euro (£411,000) by the Irish Data Protection Commission (DPC) in a landmark ruling over a violation of European data privacy rules. Did not delete personal information of 385,500 dormant customers. The case is pretty interesting since the company collected sensitive personal data of their employees through whispering campaigns, gossip, and other sources to create profiles of employees and used that data in the employment process.
In 2020, Marriott suffered another data breach, this time affecting 5.2 million individuals. The soccer league was accused of listening for piracy through its smartphone application. Google argued that the data controller was Google LLC in the US, not Google Belgium, and therefore the complaint targeted the wrong entity and should be dismissed. One staff member shared the information on WhatsApp, resulting in that information, along with personal information of 3 other bank employees, being posted on Facebook and a public website. Heathrow Airport Limited (HAL) has been fined £120,000 by the Information Commissioner’s Office (ICO) for failing to ensure that the personal data held on its network was properly secured. However, in May 2020, the company succeeded in appealing the decision, and the Austrian Federal Administrative Court annulled the administrative penalty imposed by the Austrian Data Protection Authority due to procedural irregularities. The French DPA (CNIL) fined Google LLC and Google Ireland Limited a total of EUR 100 million for breaches of the French Data Protection Act regarding the placement of cookies. The issue became public after a technical error: the data on the company’s network drive was accessible to everyone in the company for a few hours, and the press picked up the news, making the Commissioner aware of the violation. Tens of thousands of bank customer records were stolen because of poor system design and process execution. On 16 October 2017 a member of the public found a USB memory stick, which had been lost by a HAL employee.
It is the largest fine issued for an employment-related privacy breach since the General Data Protection Regulation (GDPR) came into force across the EU in 2018. Twitter has been fined €450,000 for GDPR breaches. No data breach was known to occur, but the simple fact that the company had stored the data resulted in the DPA recommending a substantial fine. The Data Protection Commission issued the penalty after the social media giant failed to notify it within 72 hours. Bulgaria – DSK Bank – €500,000 (BGN 1,000,000). Violators of GDPR may be fined up to €20 million, or up to 4% of the annual worldwide … Centro Hospitalar Barreiro Montijo has been fined 400,000 euros for violating the General Data Protection Regulation. For example, British … Note that the fine was issued in USD, and an estimate of the EUR value of the fine was included in the DPC’s report. The Swedish Data Protection Authority fined Aleris Närsjukvård AB SEK 12 million because the organization did not perform a risk analysis of the Take Care and the National Patient Overview systems before determining staff permissions to access patient records, and for not limiting staff access to these medical records to the minimum required. It was possible to reach databases containing personal data through the homepage, and the controller failed to encrypt the database. This failure broke data protection law and, subsequently, BA was the subject of a cyber-attack during 2018, which it did not detect for more than two months.” The company had inadequate security mechanisms to prevent such cyber-attacks from happening. These sponsors then contacted some of the members by mail and telephone for marketing purposes. The DPA stated that “A fingerprint cannot be replaced, unlike a password.
Industry: Child Protection. The child and family agency, Tusla, has become the first organization in the State fined for a breach of the General Data Protection Regulation (GDPR). Twitter Fined €450,000 Under GDPR Over ‘Protected’ Settings Bug. The company kept "excessive" records on the families, religions and illnesses of … La Liga turned on user microphones in order to listen for sounds of the soccer game and match to any pirated stream using geolocation. Marriott to be fined nearly £100m over GDPR breach: ICO imposes fine after personal data of 339 million guests was stolen by hackers. Did not delete personal information, and continued telemarketing after being notified by consumers to stop. Annual and all-time totals above have been adjusted accordingly. Some of the data related to the health status of the people contacted, as well as offensive language. Over 161,000 people were affected in 2019 alone. Marriott International exposed itself to the cyber-attack after the acquisition of the Starwood hotels group. As a result of a random audit, this taxi operator was found to have over 9 million personal records the company had stored unnecessarily. A Dutch hospital was fined over lax controls over logging and access to patient records. France fined Google €50 million (U.S. $57 million) in 2019; then a French court shot down Google’s appeal last month.
The UK ICO found that Ticketmaster “failed to process personal data in a manner that ensured appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures as required by Article 5(1)(f) and Article 32 GDPR.” A large number of people were affected — 9.4 million data subjects. They did not inform these people that their data would be processed, and the company conducted commercial outreach to over 90,000 people, 12,000 of whom objected to unauthorized use of their data. The Belgian Data Protection Authority imposed a €600,000 fine on Google because Google did not comply with the right to be forgotten – Google rejected a request from a Belgian citizen to have outdated and negative listings removed from the search results. Germany – H&M Hennes & Mauritz – €35,258,708. Instead, the company has been fined for the illegal surveillance of several hundred employees. The Italian Data Protection Authority (Garante) fined TIM, a telephone network operator, for a variety of unlawful actions associated with marketing and advertising campaigns affecting several million people. Since the report, the numbers have gone up. An unauthorized person was able to obtain access to customer data. Twitter has been fined over a bug that made private tweets public, in a world-first for data protection laws. Despite the 160-something thousand violations reported to the data protection authorities. If we look at the activity of all EU data protection authorities, head and shoulders above everybody is the Spanish Data Protection Authority (AEPD) with 158 fines, starting from €540, with the highest fine in the amount of €125,000; altogether, AEPD issued over €3.85 million in fines. Bulgaria – National Revenue Agency – €2,600,000 (BGN 5,100,000).
The country's supervisory authority, Comissão Nacional de Protecção de Dados, found that there were three violations of the GDPR. Further, the regulator determined that the company gave the false impression that it was processing the data legally. Out of those 339 million individuals, 31 … The personal information included name, surname or company name; tax code or VAT number; telephone line; address; contact details. The agency was fined €75,000 arising out of an investigation into three cases where information about children was wrongly disclosed to unauthorized parties. The brand H&M has been fined £32.1m under GDPR. A €1,240,000 fine was imposed on health insurance organization AOK Baden-Württemberg by the Data Protection Authority (DPA) of Baden-Württemberg. And we stay up-to-date on GDPR news, too. The personal data included medical records including diagnoses and symptoms of the illness as well as private details about vacation and family affairs. Further, a database created for correcting failures was not deleted after task completion. Germany – Hospital in Rheinland-Pfalz – €105,000. Sweden – Sahlgrenska University Hospital – €346,000 (SEK 3,500,000). Has anyone been fined for a GDPR breach? The Swedish Data Protection Authority fined the Västerbotten Region SEK 2.5 million because the Health and Medical Care Board did not perform a risk analysis of the NCS Cross system before determining staff permissions to access patient records, and for not limiting staff access to these medical records to the minimum required. Major GDPR fine total in Euros (approximate due to currency conversion): Romania – Banca Transilvania SA (Transilvania Bank) – €100,000. PwC required its employees to sign a blanket consent for PwC to process their data. Further, Wind Tre did not have proper contracts with partners, and did not do sufficient due diligence on those partners. (See the Merlini entry below for a notable example.)
This data processor was fined because they scraped the internet for public contacts, amassing data on 6 million people. Merlini was found to lack sufficient basis for processing personal data, and to lack sufficient contractual arrangements with Wind Tre. Sweden – Aleris Närsjukvård AB – €1,188,000 (SEK 12,000,000). TIM lacked policies, systems, and management to properly conduct operations. This included 5 million unencrypted passwords and 8 million credit card records. On October 30, 2020, the ICO issued a penalty notice explaining their decision. An important takeaway from the recent ICO decision to reduce the fine for British Airways is that regulators are adjusting to the special circumstances of the current global situation. The second was for insufficient fulfillment of a data breach notification. BBVA was fined €5 million by the Spanish AEPD (Data Protection Authority) for using imprecise wording to define the privacy policy, providing insufficient information about the types of personal data processed, failing to obtain consent before sending promotional text messages to a customer, and lacking a mechanism to obtain customer consent. The DPA stated that at least some of Wind Tre’s violations were not just accidental, but the result of willful misconduct. Twitter has been fined €450,000 by the Data Protection Commission for a data breach, marking the first time the regulator has penalised a big tech company under European GDPR rules. Germany’s regulator has been the most active since GDPR was introduced, issuing over 60 fines. Google has been fined 50 million euros (£44m) by the French data regulator CNIL, for a breach of the EU's data protection rules. Google – €50 million ($56.6 million). Although Google’s fine is technically from last year, the company lodged an appeal against it. In those few months, the British Airways website diverted users’ traffic to a hacker website, which resulted in hackers stealing personal data of more than 400,000 customers.
Sweden – Västerbotten Region Health and Medical Care Board – €247,000 (SEK 2,500,000). The hack was ongoing from 2014 to 2018. Greece – Hellenic Telecommunications Provider, “OTE” – €200,000. Wind also used aggressive direct marketing techniques that violated the GDPR, and in fact was the subject of hundreds of complaints about this. France: Giant fine against Amazon Europe Core. January 15, 2020, was a critical day for Italian telecommunications operator TIM. Twitter has been fined €450,000 by the Data Protection Commission after a breach of GDPR. What was announced as the biggest GDPR fine ever set in the UK ended up being reduced to £20 million, in light of the recent COVID-19 pandemic and the effect it had on the airline industry. The Netherlands – Bureau Krediet Registration – €830,000. Sweden – Capio St Göran’s Hospital – €2,971,000 (SEK 30,000,000). The fine was related to the cyber attack in which personal data from over 339 million guest records was exposed. Poland – Bisnode – €220,000 (PLN 943,000). Ticketmaster has been fined £1.25m for failing to keep the personal data of millions of customers secure. In July 2019, ICO issued an intent to fine Marriott International more than £99 million for infringements of the GDPR. The DPA determined that AOK sent marketing messages to 500 persons without consent, and that AOK took insufficient measures to protect personal data. The … A customer’s personal information — including not just the customer’s name, contact information, etc., but also the reason for withdrawing money from an account — was circulated among bank staff.
The Italian Garante (Data Protection Authority) fined a bank €600,000 for several violations that occurred before the GDPR came into force. The Hellenic Data Protection Authority imposed a fine because this company did not inform data subjects that their data would be processed and stored on company servers, failed to impose technical measures to secure the processing of this data, and failed to separate the software from the data, possibly allowing companies outside the Aegean Marine Petroleum Group to access these servers and the personal data on those servers. A 2016 data breach concerning 57 million Uber users, of which 174,000 were Dutch citizens, was not reported within 72 hours. The CNIL (French Data Protection Authority) set a fine of €250,000 on SPARTOO. The Authority rejected the tennis association’s argument that it had a legitimate business interest in selling the information. (The ICO proposed a fine of €123,000,000 / £99,000,000 in July 2019, but a much lower amount was finalized in October 2020.) There were also no security tests of transferring data between applications used by buyers of prepaid services. Ireland – Twitter – €450,000 (USD 500,000). The Spanish Data Protection Agency imposed a fine on Vodafone España because the telephone operator was unable to prove that it had received consent from an individual to process that individual’s personal data, and was unable to prove that the individual had ordered service from the company. The lack of user authentication resulted in the fine. In one instance, 197 employees accessed one Dutch celebrity’s medical records. After more than a year, there is finally a conclusion to the ICO investigation: the fine is settled, reduced from a massive £99 million to £18.4 million. The DPA ruled that the two entities act as one, and that the complaint was therefore valid.
The discovery was made possible because the data was briefly accessible company-wide in 2019. Sweden – City of Stockholm Board of Education – €396,000 (SEK 4,000,000). Since we don’t want to repeat ourselves (too much), you can read more about GDPR fines in general in our glossary. Spain – Banco Bilbao Vizcaya Argentaria – €5,000,000. The regulator determined that there was an imbalance of power in the company-employee relationship, and that the consent was therefore not binding. This is the biggest GDPR fine to this date, issued for violation of: • Information to be provided where personal data are collected from the data subject – Article 13, • Information to be provided where personal data have not been obtained from the data subject – Article 14, • Lawfulness of processing – Article 6, • and Principles relating to the processing of personal data – Article 5. The Personal Data Protection Authority of Croatia fined an unnamed bank for failing to provide access to the personal information of approximately 2,500 individuals who had requested visibility into their data at the bank. La Liga used the information to sue 600 bars for pirating soccer games. However, by the end of 2020, Italy has issued almost €70 million in fines, showing that the Italian Garante is ready to tackle serious GDPR violations with high penalties, leaving behind Germany, France, and the UK. HmbBfDI learned that the company had been collecting details since 2014 about employee absences for vacation and illness, recording those details, and discussing them among managers in regard to the employees’ situations at the company. A local business had a CCTV camera capturing too much public space. Marriott remains committed to the privacy and security of its guests’ information and continues to make significant investments in security measures for its systems, as the ICO recognizes.
The Swedish Data Protection Authority fined Aleris Sjukvård AB SEK 12 million because the organization did not perform a risk analysis of the Take Care system before determining staff permissions to access patient records, and for not limiting staff access to these medical records to the minimum required. The ICO stated that a “variety of information was compromised by poor security arrangements at the company, including login, payment card, and travel booking details as well name and address information.” The CNIL (the French Data Protection Authority) imposed a fine of €2,250,000 on Carrefour France and a fine of €800,000 on Carrefour Banque for violating the GDPR and Article 82 of the French Data Protection Act. Cases include: A clinic which accidentally handed over a copy of a severely handicapped person’s ID card to the wrong patient; Bank customers being able to see bank statements of third parties in online banking. Marriott also commented on the decision on their official website stating: “Marriott deeply regrets the incident. This is the first time a US-based tech firm has been fined in a cross-border case under Europe’s data privacy law that came into effect on May 25, … Since 2014, team […] What remains to be seen is whether other data protection authorities will follow. Before we jump over to the fines, a quick recap; there are two levels of GDPR fines: • the lower level is up to €10 million, or 2% of the worldwide annual revenue from the previous year, whichever is higher • the upper level is twice that size or €20 million and 4% of the worldwide annual revenue.
The Swedish Data Protection Authority fined Capio St Göran’s Hospital SEK 3.5 million for not performing a risk analysis of two medical records systems before determining staff permissions to access patient records, for not limiting staff access to these medical records to the minimum required, and for not having logs of document access about patient records.