Croatia
Information and Communication Company
50,000 €
GDPR enforcement action by Croatian Data Protection Authority (azop) on 2025-07-22.
Rank · Sector
#15
of 218 in Not assigned
Rank · Croatia
#15
of 43
Rank · All fines
#747
of 3,050
Case details
- Authority
- Croatian Data Protection Authority (azop)
- Date
- 2025-07-22
- Controller / Processor
- Information and Communication Company
- Sector
- Not assigned
- Quoted Articles
- Art. 32 (1) b), d), (2) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Croatian DPA has imposed a fine of EUR 50,000 on an information communication company. The controller suffered a cyber attack due to insufficient technical and organisational measures to ensure information security. Following the incident, the company implemented these measures and cooperated adequately with the supervisory authority.
Open original source
Links to the regulator's original publication or another source.
Related fines
Croatia
2023-10-05
5,470,000 €
ETid-2063
Debt collection company
Finance, Insurance and Consulting
Croatia
2024-04-22
5,004,000 €
ETid-2303
Unknown
Not assigned
Croatia
2025-11-24
4,500,000 €
ETid-2937
Telecommunications operator (operator of electronic communications networks and services)
Media, Telecoms and Broadcasting
Croatia
2023-05-04
2,265,000 €
ETid-1816
Debt collection agency
Finance, Insurance and Consulting
Croatia
2025-12-18
1,500,000 €
ETid-3102
Bank
Finance, Insurance and Consulting
Croatia
2023-05-18
380,000 €
ETid-1859
Sports betting operator
Industry and Commerce