Court case K-648/2025-2 – Court Ruling (Croatia, 2025)

Court Ruling
DPA OpsudZadar | 25 November 2025 | Croatia | final

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The defendant, an insurance agent at Croatia Osiguranje d.d., had his access to company business applications revoked during his employment termination notice period in September 2021. Despite this restriction and without authorization from his employer or clients, he used the login credentials of another employee to repeatedly access internal sales applications. He then sent 41 emails containing 848 documents that included the insurance policies and personal data (names, addresses, personal identification numbers, birth dates, and phone numbers) of at least 334 clients. He first sent the data to his official work email and then forwarded it to his private email.

The prosecution alleged that this conduct violated the GDPR, the Croatian GDPR Implementation Act, and internal company access rules, and that this constituted unauthorized use of personal data and unauthorized access to computer systems under Croatian criminal law.

The court held that the defendant committed a criminal offense against privacy. Because the defendant intentionally accessed and used personal data without permission and without a valid legal basis under Article 6(1) GDPR, the court held that he committed the criminal offense of violation of privacy under Article 146(1) of the Croatian Criminal Code. The court sentenced him to a prison term of three months. Additionally, the court found that the defendant knowingly accessed the employer’s computer systems without authorization. The court held that this conduct constituted a criminal offense against computer systems, programs, and data under Article 266(1) of the Croatian Criminal Code because it involved intentional interference with computer systems to which the defendant had no lawful access. For this the court sentenced the defendant to a prison term of four months. The court combined the sentences into a single six-month prison term. It then imposed a suspended sentence, so the prison term would not be executed if the defendant did not commi

GDPR Articles Cited

Art. 6(1) GDPR
Decision Authority: Opć. sud Zadar

Outcome

Court Ruling

A ruling by a national court on a data-protection matter.

Details

Ruling Date: 25 November 2025

Authority: DPA OpsudZadar

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Court case K-648/2025-2 - Croatia (2025). Retrieved from cookiefines.eu
