Slovenia
Legal Entity
16,650 €
GDPR enforcement action by Slovenian Supervisory Authority (Informacijski pooblaščenec) on 2025-11-21.
Rank · Sector
#38
of 218 in Not assigned
Rank · Slovenia
#2
of 17
Rank · All fines
#1,148
of 3,050
Case details
- Authority
- Slovenian Supervisory Authority (Informacijski pooblaščenec)
- Date
- 2025-11-21
- Controller / Processor
- Legal Entity
- Sector
- Not assigned
- Quoted Articles
- Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Slovenian DPA has imposed a fine of EUR 16,650 on a legal entity. The controller stored personal data on a publicly accessible web server without taking sufficient technical and organisational measures. The server could be accessed via a unique URL without additional safeguards, such as a password login. The entity was fined EUR 16,250, and the person responsible was fined EUR 400.
Open original source
Links to the regulator's original publication or another source.
Related fines
Slovenia
2025-12-11
75,474 €
ETid-3012
RIEDL PRECISION d.o.o.
Employment
Slovenia
2025-05-14
16,000 €
ETid-3002
Oddaja sob
Accomodation and Hospitality
Slovenia
2026-03-27
13,491 €
ETid-3110
Legal Person
Not assigned
Slovenia
2025-07-29
11,614 €
ETid-3006
Legal Entity
Not assigned
Slovenia
2025-11-26
6,600 €
ETid-3009
Legal Entity
Employment
Slovenia
2026-04-15
6,600 €
ETid-3111
Utility Company
Industry and Commerce