Legal Person – €13,491 Fine (Slovenia, 2026)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Slovenian company was fined EUR 13,491 for not keeping health records secure. They allowed unauthorized people to access sensitive data by using a weak security method. This case highlights the importance of strong data protection measures for any business handling personal information.
What happened
A legal person failed to implement adequate security measures, allowing unauthorized access to health records.
Who was affected
Individuals whose health records were accessible due to poor security practices.
What the authority found
The authority found that the company did not use sufficient technical measures to protect personal data, violating GDPR's security requirements.
Why this matters
This ruling emphasizes that companies must take data security seriously to protect sensitive information. Businesses should regularly review their security practices to avoid similar penalties.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Slovenian DPA has imposed a fine of EUR 13,491 on a legal person. The controller failed to implement adequate technical and organisational measures to ensure data security by not using a sufficient randomisation method, which allowed unauthorised persons to easily access data subjects' health records by guessing a six-digit number and entering it into a web browser.
Related Enforcement Actions (0)
No other enforcement actions found for Legal Person in SI
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
27 March 2026
Authority
Informacijski pooblaščenec
Fine Amount
€13,491
Enforcement Tracker ID
ETid-3110
About this data
Cite as: Cookie Fines. Legal Person - Slovenia (2026). Retrieved from cookiefines.eu
Last updated: