Legal Entity – €5,020 Fine (Slovenia, 2025)

€5,020Informacijski pooblaščenec25 July 2025Slovenia
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A legal entity in Slovenia was fined €5,020 for failing to protect personal data in an application it developed. The company did not secure the programming interface properly, leading to a data breach that affected around 100,000 users. This incident serves as a warning for businesses to implement strong security measures when handling personal data.

What happened

The legal entity failed to secure its application, resulting in a data breach that exposed personal data of many users.

Who was affected

Approximately 100,000 users whose personal data was compromised due to the lack of security measures.

What the authority found

The Slovenian DPA determined that the legal entity did not implement adequate technical measures to protect personal data, leading to the fine.

Why this matters

This ruling stresses the need for companies to prioritize data security and implement necessary protections to prevent breaches. It serves as a reminder that inadequate security can lead to significant financial penalties.

GDPR Articles Cited

AI-verified

Art. 32(GDPR)
View original scraped data
Art. 32(GDPR)

Original data from scraper before AI verification against source document.

Source verified 14 March 2026
amount discrepancy
entity split needed
Slovenia enforcementInformacijski pooblaščenec actionsAll Legal Entity actions
Full Legal Summary
Detailed

The Slovenian DPA has imposed a fine of EUR 5,020 on a legal entity. The controller had developed an application that allowed the exchange of personal data, but failed to implement technical measures to protect the programming interface when switching from the test environment to the production environment. This resulted in a data breach affecting approximately 100,000 users. The entity was fined EUR 4,820, and the person responsible was fined EUR 200.

Related Enforcement Actions (7)

Other enforcement actions involving Legal Entity in SI

Fine
Jul 2025· Informacijski pooblaščenec

The Slovenian DPA has imposed a fine of EUR 2,200 on a legal entity. An employee of the company forwarded health data to a lawyer without sufficient g...

€2K
Current
Jul 2025

Fine

€5K

Fine
Jul 2025· Informacijski pooblaščenec

The Slovenian DPA has imposed a fine of EUR 11,614 on a legal entity. The controller did not delete the email address of a former employee, but rather...

€12K
Fine
Nov 2025· Informacijski pooblaščenec

The Slovenian DPA has imposed a fine of EUR 16,650 on a legal entity. The controller stored personal data on a publicly accessible web server without ...

€17K
Fine
Nov 2025· Informacijski pooblaščenec

The Slovenian DPA has imposed a fine of EUR 6,600 on a legal entity. The controller used GPS trackers to systematically and indiscriminately monitor i...

€7K
Fine
Dec 2025· Informacijski pooblaščenec

The Slovenian DPA has imposed a fine of EUR 1,300 on a legal entity. An employee of the controller stored personal data on her work laptop without sec...

€1K
Fine
Dec 2025· Informacijski pooblaščenec

The Slovenian DPA has imposed a fine of EUR 5,100 on a legal entity. The controller operated a website where natural persons could fil in their person...

€5K
Fine
Dec 2025· Informacijski pooblaščenec

The Slovenian DPA has imposed a fine of EUR 75,474 on a legal entity. Without a sufficient legal basis, the controller installed software on an employ...

€75K

Details

Fine Date

25 July 2025

Authority

Informacijski pooblaščenec

Fine Amount

€5,020

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Legal Entity - Slovenia (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: