Croatian telecom operator faces €4.5m fine for GDPR breach

( November 14, 2025, 15:50 GMT | Official Statement) -- MLex Summary: An unnamed Croatian telecom operator has received a €4.5 million fine for breaching the EU’s General Data Protection Regulation. The company had unlawfully transferred personal data to a processor in Serbia — an EU candidate country — without having appropriate safeguards in place, and also failed to inform its customers about the transfer, the Croatian data watchdog said. The Serbian processor was able to access the sensitive data of more than 800,000 people. The operator was also found to have unlawfully processed employees’ ID cards. The company can appeal the fine within 30 days.Statement follows (in Croatian). ...

Prepare for tomorrow’s regulatory change, today

MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.

Know what others in the room don’t, with features including:

Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
Curated case files bringing together news, analysis and source documents in a single timeline

Experience MLex today with a 14-day free trial.

Start Free Trial

Already a subscriber? Click here to login

Croatian telecom operator faces €4.5m fine for GDPR breach

Prepare for tomorrow’s regulatory change, today

Related Sections