Telecommunications company – €285,000 Fine (Croatia, 2022)

€285,000Agencija za zaštitu osobnih podataka21 July 2022Croatia
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Croatian telecommunications company was fined EUR 285,000 after a data breach exposed information of about 100,000 people. The company failed to put strong security measures in place, making it easy for attackers to access the data. This case highlights the importance of robust security, especially for companies handling large amounts of personal data.

What happened

A telecommunications company suffered a data breach due to inadequate security measures, exposing data of about 100,000 individuals.

Who was affected

Customers of the telecommunications company whose personal data was accessed by attackers.

What the authority found

The Croatian DPA found that the company did not implement adequate technical and organizational security measures, violating GDPR requirements.

Why this matters

This case underscores the need for companies, especially large ones, to prioritize data security to prevent breaches. It serves as a reminder that failing to protect customer data can lead to significant fines.

GDPR Articles Cited

AI-verified

Art. 25(1) GDPR
Art. 32(1)(b) GDPR
Art. 32(1)(d) GDPR
Art. 32(2) GDPR
View original scraped data
Art. 25(1) GDPR
Art. 32(1)(b) GDPR
Art. 32(2) GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 44 Zakon o provedbi Opće uredbe o zaštiti podataka
Art. 45 Zakon o provedbi Opće uredbe o zaštiti podataka
Art. 46 Zakon o provedbi Opće uredbe o zaštiti podataka
Source verified 6 March 2026
articles corrected
national law identified
amount discrepancy
Croatia enforcementAgencija za zaštitu osobnih podataka actionsAll Telecommunications company actions
Full Legal Summary
Detailed

The Croatian DPA has fined a telecommunications company EUR 285,000. The company had suffered a data breach. Attackers had managed to access data from about 100,000 data subjects. During its investigation, the DPA found that such a breach was facilitated by the company's failure to implement adequate technical and organizational security measures for the processing of personal data. For example, the processing systems lacked access restrictions. In assessing the fine, it was taken into aggravating account that the company is one of the leading telecommunications companies in Croatia and therefore, due to the high volume of data processed there, the risk of an attack on the systems was to be expected. For this very reason, the company should have paid more attention to ensuring that sufficient safety measures were taken.

Related Enforcement Actions (0)

No other enforcement actions found for Telecommunications company in HR

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

21 July 2022

Authority

Agencija za zaštitu osobnih podataka

Fine Amount

€285,000

Enforcement Tracker ID

ETid-1293

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Telecommunications company - Croatia (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: