GDPR Fine Tracker – An Ongoing, Always-Up-To-Date List of Enforcement Actions

In 2018, GDPR enforcement actions began trickling out from various EU data protection agencies. We want to give people a way to know who was fined, when, and why.

 

Did we miss one? Let us know at info@alpin.io.

 

Last updated: December 6, 2018

 

 

2018 GDPR Enforcement Actions

 

December, 2018

 

Portugal – Hospital near Lisbon – €400,000

 

Staff at the hospital used bogus accounts to access patient records.

 

November, 2018

 

Germany – Knuddels.de (social media / chat platform) – €20,000

 

Knuddels reported a data breach, and upon investigation, the local data protection agency determined the site had been storing user passwords in plaintext without hashing. The fine was issued over the data storage practices, not the breach itself.

 

October, 2018

 

Austria – small, local business – €4,800

 

Why: A local business had a CCTV camera capturing too much public space.

 

Alpin helps companies discover and manage their SaaS vendors. As part of that effort, we work to track the GDPR compliance status of a large number of vendors. And we stay up-to-date on GDPR news, too.

 


 

Want to talk more? Contact info@alpin.io or stay in touch by subscribing to our weekly roundup – which includes news, useful tips about SaaS apps, and our latest blog posts.



 

 

Mitchel Forney