Close this search box.
AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Harbor cooperation between DPO, Legal Services, IT and Marketing
Turn data subject request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Guide your partners trough vendor management process workflow
Identifying the risk from the point of view of Data Subject
Quickly respond, mitigate damage and maintain compliance
Consolidate your data and prioritize your relationship with customers
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

Croatian Data Protection Agency Imposes 9 New Fines for GDPR Violations

gdpr fine betting and gamblbing industry

In a recent development, the Croatian Data Protection Agency (AZOP) imposed nine new fines totaling €51,000 on data controllers for breaches of the General Data Protection Regulation (GDPR).

These fines stem from nine separate instances of non-compliance with GDPR provisions, highlighting the imperative for organizations to rigorously uphold data protection standards.

Two Fines in the Gambling and Betting Industry

Two administrative fines of €15,000 and €20,000 were imposed on data controllers in the gambling and betting industry for unlawful processing of personal data via cookies.

Cookie Consent Violations

The data controllers collected and processed personal data through cookies without enabling individuals to give or revoke consent for the processing of personal data in an informed and voluntary manner.

In situations where the processing of personal data is based on consent and serves multiple purposes, the consent text must be presented in a manner that clearly distinguishes it from other purposes in an understandable and easily accessible form using clear and simple language.

Since, in this specific case, the data controllers did not separate cookie consent and did not enable individuals to clearly give consent for various purposes, it is clear that the consent did not meet the legal requirements and was not valid as a proper legal basis.

Lack of Transparency in Privacy Policies

Upon review of the Privacy Policies of both data controllers, it was found that they did not contain information about the legal basis, types of cookies, the function and purpose of each cookie, or the duration of cookie storage.

AZOP found that controllers did not provide necessary information to website visitors about the processing of personal data and did not inform them about the processing in accordance with the principle of transparency.

Additionally, the data controller that was fined €20,000 processed personal data from the moment the webpage was loaded, even though individuals had not yet given their cookie consent, and were not aware that their personal data was being collected when accessing the website.

Fines for Unlawful Video Surveillance

Seven GDPR fines totaling €16,000 were imposed on data controllers for not providing information about the video surveillance and not marking the premises under video surveillance.

The notification was not visible upon entering the recording perimeter or the notification did not contain all relevant information. Individual fines ranging from €500 to €4,000 were imposed on hotels, catering establishments, and shops.

The data controller is obliged to indicate that the premises or individual rooms within it, as well as the external area of the premises, are under video surveillance, and the notification should be visible no later than upon entering the premises.

It’s better to be prepared

It’s crucial to recognize that GDPR fines extend beyond mere financial penalties.

They also carry substantial reputational damage, while undergoing audits can be an arduous process for companies, consuming valuable time and resources and adding unnecessary stress and resource drain that audits entail.

Organizations must prioritize readiness to mitigate risks effectively and regularly check their data protection practices. By investing in robust compliance strategies, companies not only minimize the threat of financial penalties but also safeguard their reputation and foster trust with consumers.

Check out our State-of-Privacy-Assessment (SOPA) – an external independent assessment that will help you assess your privacy compliance from an organizational and technical point of view to ensure that you are meeting the highest standards of data protection.

New call-to-action

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top