Allium UPI

€3,000,000

Insufficient technical and organisational measures to ensure information security

Decision Date

5 de setembro de 2025

Authority

Estonian Data Protection Authority (AKI)

EE

Sector

Industry and Commerce

Country

EE

Law

GDPR

Status

FINAL

Description

The Estonian DPA has imposed a fine of EUR 3,000,000 on Allium UPI. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a data breach involving the personal data of 750,000 individuals, including children and other vulnerable groups.

Issues & Violations

Insufficient technical and organisational measures to ensure information security
View Official Document
Back to Fines Database
Previous Fine
Spanish Data Protection Authority (aepd) - Socieda...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.