Azienda regionale per lo sviluppo e per i servizi in agricoltura (ARSAC) – €50,000 Fine (Italy, 2025)

€50,000Garante per la protezione dei dati personali13 March 2025Italy
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

ARSAC was fined EUR 50,000 for improperly handling employee geographic data. They did not have a valid reason to process this information and failed to inform employees about how their data was used. This case reminds businesses to be transparent and lawful when handling personal data.

What happened

ARSAC processed geographic data of its employees without a sufficient legal basis.

Who was affected

Employees whose geographic data was processed without proper justification.

What the authority found

The Italian DPA ruled that ARSAC violated multiple GDPR principles, including fairness and transparency, by not providing adequate information and failing to conduct a data protection impact assessment.

Why this matters

This ruling emphasizes the need for organizations to have clear legal grounds for processing personal data and to communicate effectively with employees about their data rights.

GDPR Articles Cited

AI-verified

Art. 5(GDPR)
Art. 6(GDPR)
Art. 13(GDPR)
Art. 25(GDPR)
Art. 35(GDPR)
Art. 88(GDPR)
View original scraped data
Art. 5(GDPR)
Art. 6(GDPR)
Art. 13(GDPR)
Art. 25(GDPR)
Art. 35(GDPR)
Art. 88(GDPR)

Original data from scraper before AI verification against source document.

Source verified 12 March 2026
articles corrected
Italy enforcementGarante per la protezione dei dati personali actionsAll Azienda regionale per lo sviluppo e per i servizi in agricoltura (ARSAC) actions
Full Legal Summary
Detailed

The Italian DPA imposed a fine of EUR 50,000 on the Regional agency for development and services in agriculture (ARSAC). The controller processed geographic data of its employees without sufficient legal basis. The controller also failed to provide sufficient informations in its internal documents regarding the data procession, breached the basic principles of lawfullness, fairness, transparency and purpose limitation and failed to conduct a data protection impact assesement. The total sum of the fine can be reduced by 50% if paid within sixty days.

Related Enforcement Actions (0)

No other enforcement actions found for Azienda regionale per lo sviluppo e per i servizi in agricoltura (ARSAC) in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

13 March 2025

Authority

Garante per la protezione dei dati personali

Fine Amount

€50,000

Enforcement Tracker ID

ETid-2612

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Azienda regionale per lo sviluppo e per i servizi in agricoltura (ARSAC) - Italy (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: