1 million EUR GDPR fine for not granting user rights

A fine just shy of 1 million EUR was applied to Sats, one of the largest fitness centers  in the Nordic region, with locations in Norway, Sweden, Denmark and Finland.


The Norwegian Data Protection Authority had received several complaints about the data processor between 2018 and 2021, all regarding the company’s failure to comply with demands for access and deletion and thus breaching the General Data Protection Regulation.


The Authority discovered that the large fitness chain didn’t have proper authorization to process data about customers’ training history, meaning that they were illegally processing customers’ personal data, as well as when they entered or exited the centers.


The decision highlights the importance of businesses fulfilling their duties related to users’ rights to safeguard privacy.




Writen by: Briana Huști