Unknown – €20,000 Fine (Germany, 2018)

€20,000Bundesbeauftragter für den Datenschutz1 January 2018Germany
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A company in Germany was fined €20,000 for not reporting a data breach on time and failing to inform the people affected. This matters because it shows how important it is to act quickly and transparently when personal data is compromised.

What happened

A company failed to promptly report a data breach and did not notify the affected individuals.

Who was affected

Individuals whose personal data was involved in the unreported data breach.

What the authority found

The German authority fined the company for not meeting GDPR requirements to notify authorities and individuals about a data breach in a timely manner.

Why this matters

This case highlights the critical need for companies to have effective breach notification procedures. It serves as a reminder that delays in reporting can lead to significant penalties.

GDPR Articles Cited

AI-verified

Art. 33(1) GDPR
Art. 34(1) GDPR
View original scraped data
Art. 33(1) GDPR
Art. 34(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 13 March 2026
verified correct
Germany enforcementBundesbeauftragter für den Datenschutz actionsAll Unknown actions
Full Legal Summary
Detailed

Late notification of a data breach and failure to notify the data subjects.

Related Enforcement Actions (8)

Other enforcement actions involving Unknown in DE

Fine
Jan 2018· Bundesbeauftragter für den Datenschutz

Unknown

€500
Current
Jan 2018

Fine

€20K

Fine
Jan 2019· Bundesbeauftragter für den Datenschutz

A company was fined EUR 294 000 for 'unnecessarily long' storage and retention of personnel files and for 'excessive' data collection in the personnel...

€294K
Fine
Jan 2019· Bundesbeauftragter für den Datenschutz

A data controller failed to comply with data subject´s request to access their personal data.

€500
Fine
Jan 2019· Bundesbeauftragter für den Datenschutz

In a digital publication, health data was accidentally published due to inadequate internal control mechanisms.

€80K
Fine
Jan 2020· Bundesbeauftragter für den Datenschutz

The Bavarian DPA has imposed a fine on a company. The controller had refused access to the business premises and data processing equipment during an o...

€7K
Order
Jan 2021· Bundesbeauftragter für den Datenschutz

In order to combat the Covid 19 pandemic, a cemetery had put out an open list in which visitors had to enter their contact data. A cemetery employee o...

Fine
Jan 2022· Bundesbeauftragter für den Datenschutz

The DPA of Thüringen has imposed a fine on a controller. The controller had installed a video surveillance camera in the public entrance area of an ap...

Fine
Jan 2024· Bundesbeauftragter für den Datenschutz

The DPA of Hessen has imposed fines totaling EUR 13,486 on 41 data controllers. In its 2024 activity report, the DPA of Hesse reported a total of 47 f...

€41

Details

Fine Date

1 January 2018

Authority

Bundesbeauftragter für den Datenschutz

Fine Amount

€20,000

Enforcement Tracker ID

ETid-29

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Unknown - Germany (2018). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: