Company – €40,000 Fine (Croatia, 2025)

€40,000Agencija za zaštitu osobnih podataka24 March 2025Croatia
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A company in Croatia was fined EUR 40,000 for publishing personal data of sole traders on its website without a valid reason. This is important because it shows that even publicly available data must be handled properly. Companies need to inform individuals about how their data is used.

What happened

The Croatian DPA fined a company for publishing personal data of sole traders without a valid legal basis.

Who was affected

Sole traders whose personal data was published online were affected.

What the authority found

The authority found that the company violated multiple GDPR rules by not having a valid reason for publishing the data and failing to inform the individuals.

Why this matters

This case emphasizes the need for businesses to have clear justifications for processing personal data. Companies should ensure they communicate with individuals about their data to avoid hefty fines.

GDPR Articles Cited

AI-verified

Art. 12(GDPR)
Art. 14(GDPR)
Art. 30(GDPR)
Art. 5(1)(a) GDPR
Art. 6(1)(f) GDPR
Art. 38(3) GDPR
View original scraped data
Art. 5(1) a) GDPR
e) GDPR
Art. 6(1) f) GDPR
Art. 12(GDPR)
Art. 14(GDPR)
Art. 30(GDPR)
Art. 38(3) GDPR
(6) GDPR

Original data from scraper before AI verification against source document.

Source verified 12 March 2026
articles corrected
Croatia enforcementAgencija za zaštitu osobnih podataka actionsAll Company actions
Full Legal Summary
Detailed

The Croatian DPA (AZOP) has imposed a fine of EUR 40,000 on a company that published personal data of sole traders on its website. The data originated from public sources and from the financial agency FINA. Although publicly accessible, the authority found that there was no valid legal basis for the publication. Furthermore, the company did not inform the data subjects about the processing of their data and did not properly document its processing activities. Another point of concern was that the data protection officer was also the managing director of the company, which constitutes a conflict of interest under the GDPR. Therefore, the company was fined for breaching Art. 5 (1) (a) and (e), Art. 6 (1) (f), Art. 12, Art. 14, Art. 30, and Art. 38 (3) and (6) GDPR.

Related Enforcement Actions (3)

Other enforcement actions involving Company in HR

Fine
Feb 2024· Agencija za zaštitu osobnih podataka

The company was fined for loading non-essential cookies before obtaining valid consent and for not providing adequate cookie and privacy information.

€20K
Fine
Sept 2024· Agencija za zaštitu osobnih podataka

The Croatian DPA (AZOP) has imposed fines totaling EUR 35,700 on nine companies for failing to adequately indicate their video surveillance areas and ...

€36K
Fine
Mar 2025· Agencija za zaštitu osobnih podataka

The Croatian DPA (AZOP) has imposed a fine of EUR 80,000 on a company. The company was responsible for monitoring parking lots at several supermarkets...

€80K
Current
Mar 2025

Fine

€40K

Details

Fine Date

24 March 2025

Authority

Agencija za zaštitu osobnih podataka

Fine Amount

€40,000

Enforcement Tracker ID

ETid-2604

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Company - Croatia (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: