Bank
1,500,000 €
GDPR enforcement action by Croatian Data Protection Authority (azop) on 2025-12-18.
Rank · Sector: #23 of 322 in Finance, Insurance and Consulting
Rank · Croatia: #5 of 43
Rank · All fines: #143 of 3,050
Case details
- Authority: Croatian Data Protection Authority (azop)
- Date: 2025-12-18
- Controller / Processor: Bank
- Sector: Finance, Insurance and Consulting
- Quoted Articles: Art. 5 (1) a), c) GDPR, Art. 6 (1) GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 25 (2) GDPR
- Type of violation: Non-compliance with general data processing principles
Summary
The Croatian DPA has imposed a fine of EUR 1,500,000 on a bank. The controller offers its customers mobile banking via an app developed by the controller. On Android and Huawei devices, the app collected data on every app installed on the device. This happened without sufficient legal basis and infringed the principle of data minimisation.
Related fines
| Country | Date | Fine | ETid | Controller / Processor | Sector |
| --- | --- | --- | --- | --- | --- |
| Croatia | 2023-10-05 | 5,470,000 € | ETid-2063 | Debt collection company | Finance, Insurance and Consulting |
| Croatia | 2024-04-22 | 5,004,000 € | ETid-2303 | Unknown | Not assigned |
| Croatia | 2025-11-24 | 4,500,000 € | ETid-2937 | Telecommunications operator (operator of electronic communications networks and services) | Media, Telecoms and Broadcasting |
| Croatia | 2023-05-04 | 2,265,000 € | ETid-1816 | Debt collection agency | Finance, Insurance and Consulting |
| Croatia | 2023-05-18 | 380,000 € | ETid-1859 | Sports betting operator | Industry and Commerce |
| Croatia | 2025-07-22 | 320,000 € | ETid-3100 | HEP-Toplinarstvo | Transportation and Energy |