Croatia
Primary School
2,000 €
GDPR enforcement action by Croatian Data Protection Authority (azop) on 2025-09-01.
Rank · Sector
#330
of 356 in Public Sector and Education
Rank · Croatia
#38
of 43
Rank · All fines
#2,405
of 3,039
Case details
- Authority
- Croatian Data Protection Authority (azop)
- Date
- 2025-09-01
- Controller / Processor
- Primary School
- Sector
- Public Sector and Education
- Quoted Articles
- Art. 5 GDPR, Art. 6 GDPR
- Type of violation
- Insufficient legal basis for data processing
Summary
The Croatian DPA has imposed a fine of EUR 2,000 on a primary school. In the context of an internal audit, the controller processed payroll data and forwarded it to City X, but failed to adequately remove personal data that was not necessary for processing. The controller only used a black marker, applying it insufficiently, and did not black out the names of the data subjects.
Open original source
Links to the regulator's original publication or another source.
Related fines
Croatia
2023-10-05
5,470,000 €
ETid-2063
Debt collection company
Finance, Insurance and Consulting
Croatia
2024-04-22
5,004,000 €
ETid-2303
Unknown
Not assigned
Croatia
2025-11-24
4,500,000 €
ETid-2937
Telecommunications operator (operator of electronic communications networks and services)
Media, Telecoms and Broadcasting
Croatia
2023-05-04
2,265,000 €
ETid-1816
Debt collection agency
Finance, Insurance and Consulting
Croatia
2025-12-18
1,500,000 €
ETid-3102
Bank
Finance, Insurance and Consulting
Croatia
2023-05-18
380,000 €
ETid-1859
Sports betting operator
Industry and Commerce