Croatian Insurance Bureau – €101,000 Fine (Croatia, 2025)

€101,000Agencija za zaštitu osobnih podataka2 July 2025Croatia
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Croatian Insurance Bureau was fined €101,000 for not securing personal data, which led to a leak affecting over a million vehicle owners. This case is significant because it shows that companies must take data security seriously to protect their customers. Small businesses should learn from this and ensure they have strong security measures in place.

What happened

The Croatian DPA fined the Croatian Insurance Bureau €101,000 for failing to implement adequate security measures, resulting in a data leak.

Who was affected

Over a million vehicle owners whose personal data was leaked were affected by the company's security failures.

What the authority found

The DPA found that the company did not have sufficient technical and organizational measures to protect personal data, violating GDPR's security requirements.

Why this matters

This case highlights the importance of data security for all businesses. Small business owners should invest in proper security protocols to avoid similar penalties.

GDPR Articles Cited

AI-verified

Art. 5(1)(e) GDPR
Art. 32(2) GDPR
Art. 32(4) GDPR
View original scraped data
Art. 5(1) e) GDPR
Art. 32(2) GDPR
(4) GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 44 Zakona o provedbi Opće uredbe o zaštiti podataka
Source verified 23 April 2026
articles corrected
national law identified
Croatia enforcementAgencija za zaštitu osobnih podataka actionsAll Croatian Insurance Bureau actions
Full Legal Summary
Detailed

The Croatian DPA has imposed a fine of EUR 101,000 on the Croatian Insurance Bureau. The controller failed to implement sufficient technical and organisational measures to ensure data security, resulting in the leak of the personal data from over a million vehicle owners. In determining the amount of the fine, the DPA took into account, that according to local regulations, fines imposed on public entities must not jepordice the fined entity's performance.

Related Enforcement Actions (0)

No other enforcement actions found for Croatian Insurance Bureau in HR

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

2 July 2025

Authority

Agencija za zaštitu osobnih podataka

Fine Amount

€101,000

Enforcement Tracker ID

ETid-3098

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Croatian Insurance Bureau - Croatia (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: