GDPR Fines Imposed on Multiple Companies for Data Protection Violations
Severity: Low (Score: 21.9)
Sources: Enforcementtracker
Keywords: gdpr, fine, against, enforcement, action, data, protection
Severity indicators: rce, ot
Summary
In recent GDPR enforcement actions, three companies faced fines for various data protection violations. Isabel SA in Belgium was fined EUR 120,000 for providing incorrect privacy information, collecting excessive data, and misclassifying itself. Framos Italia s.r.l. in Italy received a EUR 5,000 fine for denying a former employee access to their work email and failing to respond to data subject requests. Posada del León de Oro in Spain was fined EUR 240 for improperly recording audio with surveillance cameras and not adequately informing data subjects. These actions highlight ongoing scrutiny of data protection compliance across Europe.

Key Points:
- Isabel SA fined EUR 120,000 for GDPR violations including excessive data collection.
- Framos Italia s.r.l. fined EUR 5,000 for denying access to a former employee's email.
- Posada del León de Oro fined EUR 240 for improper audio recording and lack of transparency.
Detailed Analysis
**Impact** Three companies across Belgium, Italy, and Spain were fined for GDPR violations involving personal data mishandling. Isabel SA (Belgium) was fined EUR 120,000 for excessive data collection and misclassification of its role, affecting users of the 'TruliUs' authentication app. Framos Italia s.r.l. (Italy) received a EUR 5,000 fine related to improper access control and data retention of a former employee’s work email account. Posada del León de Oro (Spain) was fined EUR 240 for unauthorized audio surveillance and inadequate data subject notification. The affected sectors include authentication services, industrial manufacturing, and hospitality.

**Technical Details** No specific attack vectors, malware, CVEs, or infrastructure details were reported. Violations involved improper data processing practices such as excessive data collection, failure to provide accurate privacy information, inadequate response to data subject rights requests, misclassification of data roles, unauthorized surveillance recording, and improper data retention policies.

**Recommended Response** Review and update privacy notices to ensure accuracy and completeness. Implement strict data minimization and retention policies aligned with GDPR requirements. Train personnel on data subject rights and proper data handling procedures. Monitor and audit access controls, especially for former employees, and ensure surveillance systems comply with legal audio/video recording standards.
Source articles (4)
- ETid-3185: GDPR fine against Posada del León de Oro (Spain, 2026) — Enforcementtracker · 2026-06-04
  GDPR enforcement action by Spanish Data Protection Authority (AEPD) on 2026-04-28. The Spanish DPA has imposed a fine of EUR 240 on Posada del León de Oro. The controller had installed a surveillance…
- ETid-3183: GDPR fine against Obuda University (Hungary, 2026) — Enforcementtracker · 2026-06-07
  GDPR enforcement action by Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) on 2026-02-05. The Hungarian DPA has imposed a fine of EUR 4,200 on Obuda University.…
- ETid-3177: GDPR fine against Framos Italia s.r.l. (Italy, 2026) — Enforcementtracker · 2026-06-07
  GDPR enforcement action by Italian Data Protection Authority (Garante) on 2026-04-17. The Italian DPA has imposed a fine of EUR 5,000 on Framos Italia s.r.l. Following termination of the employment co…
- ETid-3174: GDPR fine against Isabel SA (Belgium, 2026) — Enforcementtracker · 2026-06-07
  GDPR enforcement action by Belgian Data Protection Authority (APD) on 2026-05-12. The Belgian DPA has imposed a fine of EUR 120,000 on Isabel SA. The controller, who operates the 'TruliUs' authenticat…
Timeline
- 2026-04-17 — GDPR fine against Framos Italia s.r.l.: Italian DPA fined the company EUR 5,000 for denying access to a former employee's email account.
- 2026-04-28 — GDPR fine against Posada del León de Oro: Spanish DPA fined the hotel EUR 240 for excessive audio recording and inadequate information to data subjects.
- 2026-05-12 — GDPR fine against Isabel SA: Belgian DPA imposed a EUR 120,000 fine for incorrect privacy information and excessive data collection.
Related entities
- Isabel SA (Company)
- Posada del León de Oro (Company)
- Belgium (Country)
- Italy (Country)
- Spain (Country)