Legal Person – €13,491 Fine (Slovenia, 2026)

€13,491Informacijski pooblaščenec27 March 2026Slovenia
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Slovenian DPA has imposed a fine of EUR 13,491 on a legal person. The controller failed to implement adequate technical and organisational measures to ensure data security by not using a sufficient randomisation method, which allowed unauthorised persons to easily access data subjects' health records by guessing a six-digit number and entering it into a web browser.

GDPR Articles Cited

Art. 32(GDPR)
Slovenia enforcementInformacijski pooblaščenec actionsAll Legal Person actions
Full Legal Summary

The Slovenian DPA has imposed a fine of EUR 13,491 on a legal person. The controller failed to implement adequate technical and organisational measures to ensure data security by not using a sufficient randomisation method, which allowed unauthorised persons to easily access data subjects' health records by guessing a six-digit number and entering it into a web browser.

Related Enforcement Actions (0)

No other enforcement actions found for Legal Person in SI

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

27 March 2026

Authority

Informacijski pooblaščenec

Fine Amount

€13,491

Enforcement Tracker ID

ETid-3110

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Legal Person - Slovenia (2026). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: