Croatian Personal Data Protection Agency AZOP recently imposed an administrative fine of HRK 2.15 million

Croatian Personal Data Protection Agency AZOP recently imposed an administrative fine of HRK 2.15 million on the data controller for the unauthorized processing of personal data. The controller did not take the necessary measures to achieve the appropriate security measure in accordance with the existing foreseeable risks, thereby acting contrary to Article 25(1) and Article 32(1)b) and d) and paragraph 2 of GDPR.

In the second case, AZOP found that the controller had not marked that the individual premises as well as the outer surfaces of the object concerned were under video surveillance, which is contrary to Article 27(1) of Law on the Implementation of the General Data Protection Regulation for which he imposed an administrative fine of HRK 30.000,00.

The penalties for infringements of the GDPR are significantly higher than those provided for by the previous Law on the Protection of Personal Data and can reach up to EUR 20.000.000,00 or 4% of the total annual turnover globally for the previous year, whichever is higher.