Italy

Unleadmited S.r.l.

5,000 €

GDPR enforcement action by Italian Data Protection Authority (Garante) on 2026-02-12.

Rank · Sector

#327

of 366 in Media, Telecoms and Broadcasting

Rank · Italy

#379

of 543

Rank · All fines

#1,833

of 3,039

Case details

Authority: Italian Data Protection Authority (Garante)
Date: 2026-02-12
Controller / Processor: Unleadmited S.r.l.
Sector: Media, Telecoms and Broadcasting
Quoted Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 7 GDPR, Art. 24 GDPR
Type of violation: Insufficient legal basis for data processing

Summary

The Italian DPA has imposed a fine of EUR 5,000 on Unleadmited S.r.l. The controller operated a lead-generation business for direct marketing purposes and collected personal data through a website that was presented as a comparison portal. This data was then disclosed to third parties for their marketing activities. This processing lacked a sufficient legal basis, as the consent mechanism and privacy information were not specific, transparent or reliable enough. Furthermore, the controller failed to implement adequate technical and organisational measures to verify the identity of data subjects and demonstrate valid consent. Furthermore, the controller failed to respond properly and in a timely manner to the DPA’s requests.

Open original source Links to the regulator's original publication or another source.