Esselunga S.p.A. – €5,000 Fine (Italy, 2026)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Esselunga S.p.A. was fined €5,000 for delaying a former employee's request to access their attendance records. This case shows that companies must respond promptly to data requests to comply with privacy laws.
What happened
Esselunga S.p.A. failed to provide a former employee with their attendance records in a timely manner after a request was made.
Who was affected
A former employee of Esselunga S.p.A. who requested access to their attendance records.
What the authority found
The Italian DPA ruled that the company did not fulfill its obligation to provide personal data upon request, violating GDPR's access rights.
Why this matters
This ruling highlights the importance of timely responses to data access requests. Businesses should have clear procedures in place to handle such requests efficiently.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Italian DPA has imposed a fine of EUR 5,000 on Esselunga S.p.A. A former employee of the controller requested access to their attendance records. Rather than providing these records, the controller called the data subject to verify the reason for the request. It was only after the data subject had contacted the DPA that the controller provided him with the requested data.
Related Enforcement Actions (0)
No other enforcement actions found for Esselunga S.p.A. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
26 March 2026
Authority
Garante per la protezione dei dati personali
Fine Amount
€5,000
Enforcement Tracker ID
ETid-3159
About this data
Cite as: Cookie Fines. Esselunga S.p.A. - Italy (2026). Retrieved from cookiefines.eu
Last updated: