Legal Entity – €2,200 Fine (Slovenia, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Slovenian authority fined a legal entity for improperly sharing health data. This is important because it shows that companies must handle sensitive information carefully. Businesses should train employees on data privacy to avoid similar issues.
What happened
A legal entity was fined for an employee forwarding health data to a lawyer without proper justification.
Who was affected
The legal entity and its employee who shared the health data.
What the authority found
The authority found that the company violated data protection rules by not having sufficient grounds for sharing the health data.
Why this matters
This case highlights the need for strict protocols when handling sensitive information. Companies should implement clear guidelines to prevent unauthorized data sharing.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Slovenian DPA has imposed a fine of EUR 2,200 on a legal entity. An employee of the company forwarded health data to a lawyer without sufficient grounds. The company was fined EUR 2,000, while the employee was fined EUR 200.
Related Enforcement Actions (7)
Other enforcement actions involving Legal Entity in SI
Fine
€2K
Details
Fine Date
22 July 2025
Authority
Informacijski pooblaščenec
Fine Amount
€2,200
Enforcement Tracker ID
ETid-3003
About this data
Cite as: Cookie Fines. Legal Entity - Slovenia (2025). Retrieved from cookiefines.eu
Last updated: