Croatia
Croatian Insurance Bureau
101,000 €
GDPR enforcement action by Croatian Data Protection Authority (azop) on 2025-07-02.
Rank · Sector
#41
of 357 in Public Sector and Education
Rank · Croatia
#12
of 43
Rank · All fines
#459
of 3,050
Case details
- Authority
- Croatian Data Protection Authority (azop)
- Date
- 2025-07-02
- Controller / Processor
- Croatian Insurance Bureau
- Sector
- Public Sector and Education
- Quoted Articles
- Art. 5 (1) e) GDPR, Art. 32 (2), (4) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Croatian DPA has imposed a fine of EUR 101,000 on the Croatian Insurance Bureau. The controller failed to implement sufficient technical and organisational measures to ensure data security, resulting in the leak of the personal data from over a million vehicle owners. In determining the amount of the fine, the DPA took into account, that according to local regulations, fines imposed on public entities must not jepordice the fined entity's performance.
Open original source
Links to the regulator's original publication or another source.
Related fines
Croatia
2023-10-05
5,470,000 €
ETid-2063
Debt collection company
Finance, Insurance and Consulting
Croatia
2024-04-22
5,004,000 €
ETid-2303
Unknown
Not assigned
Croatia
2025-11-24
4,500,000 €
ETid-2937
Telecommunications operator (operator of electronic communications networks and services)
Media, Telecoms and Broadcasting
Croatia
2023-05-04
2,265,000 €
ETid-1816
Debt collection agency
Finance, Insurance and Consulting
Croatia
2025-12-18
1,500,000 €
ETid-3102
Bank
Finance, Insurance and Consulting
Croatia
2023-05-18
380,000 €
ETid-1859
Sports betting operator
Industry and Commerce