Hospital – €4,000 Fine (Croatia, 2025)

€4,000Agencija za zaštitu osobnih podataka24 March 2025Croatia
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Croation DPA (AZOP) has imposed a fine of EUR 4,000 on a hospital. The AZOP found that the hospital used a company which automatically retrieved personal data of vehicle owners via the Ministry of the Interior's web service without a legal basis, to issue parking fines for vehicle owners. Additionally, the hospital failed to inform parking users transparently and in accordance with legal requirements about the processing of their personal data related to parking fees. Furthermore, the hospital did not implement appropriate organizational measures to protect the data and lacked a contractual agreement with the external commercial company processing the data. The hospital was fined for breaching Art. 13, Art. 14 (2)(f), Art. 25 (1) and Art. 28(3) GDPR.

GDPR Articles Cited

Art. 13 GDPR
Art. 14(2)(f) GDPR
Art. 25(1) GDPR
Art. 28(3) GDPR
Croatia enforcementAgencija za zaštitu osobnih podataka actionsAll Hospital actions
Full Legal Summary

The Croation DPA (AZOP) has imposed a fine of EUR 4,000 on a hospital. The AZOP found that the hospital used a company which automatically retrieved personal data of vehicle owners via the Ministry of the Interior's web service without a legal basis, to issue parking fines for vehicle owners. Additionally, the hospital failed to inform parking users transparently and in accordance with legal requirements about the processing of their personal data related to parking fees. Furthermore, the hospital did not implement appropriate organizational measures to protect the data and lacked a contractual agreement with the external commercial company processing the data. The hospital was fined for breaching Art. 13, Art. 14 (2)(f), Art. 25 (1) and Art. 28(3) GDPR.

Related Enforcement Actions (3)

Other enforcement actions involving Hospital in HR

Fine
Sept 2024· Agencija za zaštitu osobnih podataka

The Croatian DPA (AZOP) has imposed a fine of EUR 190,000 on a hospital. The hospital had suffered a data breach in which radiological image files wer...

€190K
Fine
Mar 2025· Agencija za zaštitu osobnih podataka

The Croatian DPA (AZOP) imposed a fine of EUR 20,000 on a hospital for failing to implement adequate technical and organizational measures to protect ...

€20K
Fine
Mar 2025· Agencija za zaštitu osobnih podataka

The Croation DPA (AZOP) has imposed a fine of EUR 3,000 on a hospital. Despite the extensive and high-risk processing of health data, the hospital had...

€3K
Current
Mar 2025

Fine

€4K

Details

Fine Date

24 March 2025

Authority

Agencija za zaštitu osobnih podataka

Fine Amount

€4,000

Enforcement Tracker ID

ETid-2606

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Hospital - Croatia (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: