Changeflow GovPing Government Sportadmin Fined SEK 6 Million for GDPR Data Leak
Urgent Enforcement Amended Final

Sportadmin Fined SEK 6 Million for GDPR Data Leak

IMY News (Sweden DPA)
Filed January 28th, 2026
Detected February 11th, 2026
Email Set alert

Summary

The Swedish Authority for Privacy Protection (IMY) has imposed an administrative fine of SEK 6 million on Sportadmin following a data leak that exposed personal data of over 2.1 million individuals. The authority found that Sportadmin did not maintain an appropriate level of security to protect the data, violating GDPR Article 32.

View original document View source feed page

What changed

The Swedish Authority for Privacy Protection (IMY) has issued an administrative fine of SEK 6 million against Sportadmin for violations of the General Data Protection Regulation (GDPR). This action follows an IT attack in January 2025 where personal data of over 2.1 million individuals, including sensitive health data and information on children, was leaked onto the Darknet. IMY determined that Sportadmin failed to implement an appropriate level of technical and organizational security measures, despite being aware of system weaknesses and elevated risks, and lacked adequate intrusion detection capabilities.

This enforcement action highlights the critical need for robust data security practices under GDPR. Regulated entities, particularly those processing sensitive personal data or data of minors, must ensure their security measures are adequate and actively monitored. While no specific compliance deadline is mentioned for Sportadmin's remediation, the SEK 6 million fine underscores the significant financial penalties for non-compliance with GDPR security requirements. Companies should review their cybersecurity protocols, risk assessments, and intrusion detection systems to prevent similar breaches and avoid substantial fines.

What to do next

  1. Review and enhance technical and organizational security measures for personal data processing.
  2. Implement or improve intrusion detection and real-time monitoring systems.
  3. Conduct thorough risk assessments and address identified security weaknesses promptly.

Penalties

SEK 6 million administrative fine

Related changes

Angus Fire PFAS Reduction Permit Consultation
Priority review Mar 07, 2026 Environment Agency Latest News Environment
Sydney Wheeler Environmental Permit Application Consultation
Routine Mar 07, 2026 Environment Agency Latest News Environment
Keepmoat Homes Environmental Permit Application Consultation
Routine Mar 07, 2026 Environment Agency Latest News Environment
Svoboda v. Amazon.com Inc. - Biometric Information Privacy Act Class Action
Priority review Mar 07, 2026 7th Circuit Court of Appeals Federal Courts
AEPD Fines ORNITOLÓGICA DE ANDALUCÍA FOA 131,801 Euros for GDPR Violation
Priority review Mar 07, 2026 AEPD Resolutions (Spain DPA) Data Protection
AEPD Archives Proceedings Against Orange Spain Regarding Portability
Priority review Mar 07, 2026 AEPD Resolutions (Spain DPA) Data Protection

Source

IMY News (Sweden DPA) imy.se/en/news
Government
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Various
Filed
January 28th, 2026
Instrument
Enforcement
Legal weight
Binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Employers Technology companies
Geographic scope
National (Sweden)

Taxonomy

Primary area
Data Protection
Operational domain
Compliance
Topics
Cybersecurity GDPR

Browse Categories

Federal Courts 27 State Courts 105 Securities Regulation 2 Financial Regulation 24 Consumer Protection 2 Drug Safety 15 Data Protection 10 Competition 2 Attorneys General 3 Insurance Regulation 3 Trade & Export 38 Legislation 39 Government 98 Energy Regulation 6 Environment 3 Labor & Employment 2 Tax 1

Get Government alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.