Hospital – €4,000 Fine (Croatia, 2025)

€4,000Agencija za zaštitu osobnih podataka24 March 2025Croatia
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Croatian hospital was fined EUR 4,000 for improperly using personal data to issue parking fines. They accessed vehicle owners' information without a legal basis and failed to inform users about how their data was processed. This case highlights the importance of transparency and legal compliance when handling personal data.

What happened

The hospital used a company to automatically retrieve personal data of vehicle owners without a legal basis to issue parking fines.

Who was affected

Vehicle owners whose personal data was accessed by the hospital for parking fines were affected.

What the authority found

The authority ruled that the hospital violated multiple GDPR articles by failing to have a legal basis for data processing and not informing users properly.

Why this matters

This ruling emphasizes that organizations must have clear legal grounds for processing personal data and must communicate transparently with users. Other businesses should review their data handling practices to ensure compliance.

GDPR Articles Cited

AI-verified

Art. 13(GDPR)
Art. 14(2)(f) GDPR
Art. 25(1) GDPR
Art. 28(3) GDPR
View original scraped data
Art. 13(GDPR)
Art. 14(2) f) GDPR
Art. 25(1) GDPR
Art. 28(3) GDPR

Original data from scraper before AI verification against source document.

Source verified 15 March 2026
articles corrected
national law identified
amount discrepancy
Croatia enforcementAgencija za zaštitu osobnih podataka actionsAll Hospital actions
Full Legal Summary
Detailed

The Croation DPA (AZOP) has imposed a fine of EUR 4,000 on a hospital. The AZOP found that the hospital used a company which automatically retrieved personal data of vehicle owners via the Ministry of the Interior's web service without a legal basis, to issue parking fines for vehicle owners. Additionally, the hospital failed to inform parking users transparently and in accordance with legal requirements about the processing of their personal data related to parking fees. Furthermore, the hospital did not implement appropriate organizational measures to protect the data and lacked a contractual agreement with the external commercial company processing the data. The hospital was fined for breaching Art. 13, Art. 14 (2)(f), Art. 25 (1) and Art. 28(3) GDPR.

Related Enforcement Actions (3)

Other enforcement actions involving Hospital in HR

Fine
Sept 2024· Agencija za zaštitu osobnih podataka

The Croatian DPA (AZOP) has imposed a fine of EUR 190,000 on a hospital. The hospital had suffered a data breach in which radiological image files wer...

€190K
Fine
Mar 2025· Agencija za zaštitu osobnih podataka

The Croation DPA (AZOP) has imposed a fine of EUR 3,000 on a hospital. Despite the extensive and high-risk processing of health data, the hospital had...

€3K
Fine
Mar 2025· Agencija za zaštitu osobnih podataka

The Croatian DPA (AZOP) imposed a fine of EUR 20,000 on a hospital for failing to implement adequate technical and organizational measures to protect ...

€20K
Current
Mar 2025

Fine

€4K

Details

Fine Date

24 March 2025

Authority

Agencija za zaštitu osobnih podataka

Fine Amount

€4,000

Enforcement Tracker ID

ETid-2606

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Hospital - Croatia (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: