Bulgarian Post EAD – €500,000 Fine (Bulgaria, 2022)

€500,000Commission for Personal Data Protection4 May 2022Bulgaria
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Bulgarian Post EAD was fined €500,000 after a hacking attack exposed their failure to protect customer data. This case matters because it underscores the need for strong security measures to prevent data breaches. Businesses must prioritize data protection to avoid similar penalties.

What happened

Bulgarian Post EAD suffered a hacking attack that exposed their inadequate data protection measures.

Who was affected

Customers whose personal data was at risk due to the hacking attack on Bulgarian Post EAD.

What the authority found

The Bulgarian DPA found that Bulgarian Post EAD failed to implement adequate security measures to protect personal data, violating GDPR.

Why this matters

This case serves as a warning to companies about the importance of implementing robust security measures to protect personal data. It highlights the financial and reputational risks associated with data breaches and the need for ongoing vigilance in data protection.

GDPR Articles Cited

AI-verified

Art. 32(1)(b) GDPR
Art. 32(1)(c) GDPR
Art. 32(1)(d) GDPR
Art. 32(2) GDPR
View original scraped data
Art. 32(1)(b) GDPR
c)
d) GDPR
Art. 32(2) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
verified correct
Bulgaria enforcementCommission for Personal Data Protection actionsAll Bulgarian Post EAD actions
Full Legal Summary
Detailed

The Bulgarian DPA has imposed a fine of EUR 500,000 on Bulgarian Posts EAD. The controller had suffered a hacking attack, during which the attackers managed to access the controller's databases. During its investigation, the DPA found that the controller had failed to implement adequate technical and organizational measures to protect personal data in order to avoid a data breach.

Related Enforcement Actions (0)

No other enforcement actions found for Bulgarian Post EAD in BG

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

4 May 2022

Authority

Commission for Personal Data Protection

Fine Amount

€500,000

Enforcement Tracker ID

ETid-1832

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Bulgarian Post EAD - Bulgaria (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: