Slovenia
Unknown
5,500 €
GDPR enforcement action by Slovenian Supervisory Authority (Informacijski pooblaščenec) on 2026-02-16.
Rank · Sector
#89
of 218 in Not assigned
Rank · Slovenia
#9
of 17
Rank · All fines
#1,675
of 3,050
Case details
- Authority
- Slovenian Supervisory Authority (Informacijski pooblaščenec)
- Date
- 2026-02-16
- Controller / Processor
- Unknown
- Sector
- Not assigned
- Quoted Articles
- Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Slovenian DPA has imposed a fine of EUR 5,500 on a unkonwn company and a responsible person within the company. The controller failed to implement adequate technical and organisational measures to ensure data security by giving employees access to customer data that was not necessary for them to fulfil their duties. This resulted in a data breach. Additionally, the controller had been warned regarding the information obligations under Art. 12 and Art. 13 GDPR. The fine had been split up into a fine in the amount of EUR 5,400 for the company and EUR 100 for the employee responsible.
Open original source
Links to the regulator's original publication or another source.
Related fines
Slovenia
2025-12-11
75,474 €
ETid-3012
RIEDL PRECISION d.o.o.
Employment
Slovenia
2025-11-21
16,650 €
ETid-3008
Legal Entity
Not assigned
Slovenia
2025-05-14
16,000 €
ETid-3002
Oddaja sob
Accomodation and Hospitality
Slovenia
2026-03-27
13,491 €
ETid-3110
Legal Person
Not assigned
Slovenia
2025-07-29
11,614 €
ETid-3006
Legal Entity
Not assigned
Slovenia
2025-11-26
6,600 €
ETid-3009
Legal Entity
Employment