enforcement action HR enforcement 9/10
Government · Croatian Personal Data Protection Agency

The Croatian Personal Data Protection Agency (AZOP) issued a significant administrative fine of EUR 4.5 million to a telecommunications operator for infringements of the General Data Protection Regulation (GDPR). The violations specifically concerned the unlawful transfer of personal data, underscoring the strict enforcement of data protection rules by EU member state authorities.

Effective date

2025-11-14

Action required

Companies, particularly telecommunication operators and other data controllers, must review their data processing and transfer mechanisms to ensure full compliance with the General Data Protection Regulation (GDPR) to avoid substantial administrative fines.

Binding status

binding

Governing body

Agencija za zaštitu osobnih podataka

Direction

restrictive

Innovation impact

constraining

Enforcement details

Agency

Croatian Personal Data Protection Agency

Penalty

EUR 4,500,000.00

Compliance requirements

Prohibited practices

  • Unlawful transfer of personal data

Affected industries

telecommunications

Affected roles

general counselcompliance officerdata scientistprivacy officer

Frameworks

eu ai act

Cross-references

Cites laws

General Data Protection Regulation

"Following ex officio proceedings, the Croatian Personal Data Protection Agency imposed an administrative fine on a telecommunications operator (an operator of electronic communications networks and services), in its capacity as controller, in the total amount of EUR 4,500,000.00 for violations of the General Data Protection Regulation."

Enriched 2026-05-31

Stay informed

Get daily intelligence briefs on this and related regulatory developments.

Start 14-day trial