Flamel S.r.l. – €15,000 Fine (Italy, 2026)

€15,000Garante per la protezione dei dati personali26 February 2026Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Flamel S.r.l. was fined €15,000 for mishandling personal data during its direct marketing efforts. This case matters because it highlights the responsibilities companies have when processing personal data, even if they are acting as a service provider.

What happened

Flamel engaged in direct marketing but failed to fulfill its duties as a data controller, leading to improper data processing.

Who was affected

Individuals whose personal data was involved in Flamel's marketing activities were affected.

What the authority found

The Italian DPA ruled that Flamel did not properly manage its data processing responsibilities, violating GDPR's requirements.

Why this matters

This ruling serves as a reminder that companies must understand their roles in data processing. Businesses should ensure they are compliant with data protection rules.

GDPR Articles Cited

AI-verified

Art. 8(GDPR)
Art. 11(GDPR)
Art. 25(GDPR)
Art. 39(GDPR)
Art. 42(GDPR)
Art. 43(GDPR)
View original scraped data
Art. 8(GDPR)
Art. 11(GDPR)
Art. 25(GDPR)
Art. 39(GDPR)
Art. 42(GDPR)
Art. 43(GDPR)

Original data from scraper before AI verification against source document.

Source verified 29 April 2026
articles corrected
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Flamel S.r.l. actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 15,000 on Flamel S.r.l. The controller had been active in direct marketing activities involving robocalls followed up with telesales. Although Flamel S.r.l. had been a controller in substance, it acted as a data processor. Consequently, the controller failed to fulfil its duties as a data controller, resulting in an unlawfully organised processing chain. Furthermore, the controller could not simply rely on a contractual assurance regarding the consent of data subjects.

Related Enforcement Actions (0)

No other enforcement actions found for Flamel S.r.l. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

26 February 2026

Authority

Garante per la protezione dei dati personali

Fine Amount

€15,000

Enforcement Tracker ID

ETid-1254

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Flamel S.r.l. - Italy (2026). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: