Estonia
Allium UPI
3,000,000 €
GDPR enforcement action by Estonian Data Protection Authority (AKI) on 2025-09-05.
Rank · Sector
#16
of 597 in Industry and Commerce
Rank · Estonia
#1
of 8
Rank · All fines
#104
of 3,051
Case details
- Authority
- Estonian Data Protection Authority (AKI)
- Date
- 2025-09-05
- Controller / Processor
- Allium UPI
- Sector
- Industry and Commerce
- Quoted Articles
- Unknown
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Estonian DPA has imposed a fine of EUR 3,000,000 on Allium UPI. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a data breach involving the personal data of 750,000 individuals, including children and other vulnerable groups.
Open original source
Links to the regulator's original publication or another source.
Related fines
Estonia
2020-12-01
100,000 €
ETid-516
Apotheka e-apteek
Health Care
Estonia
2020-12-01
100,000 €
ETid-517
Südameapteegi e-apteek
Health Care
Estonia
2020-12-01
100,000 €
ETid-518
Azeta.ee e-apteek
Health Care
Estonia
2024-07-15
30,000 €
ETid-2593
Pere Sihtkapital SA
Not assigned
Estonia
2020-04-30
500 €
ETid-302
Housing Association
Real Estate
Estonia
2020-08-17
56 €
ETid-1427
Health care worker
Health Care