The Personal Data Protection Agency (AZOP) has imposed a fine of €2.265 million on the B2 Kapital debt collection company due to its breach of General Data Protection Regulation (GDPR), the Croatian agency reported on Thursday.

This administrative penalty was imposed on the B2 Kapital after it processed personal data of a high number of persons (debtors) in “non-transparent and unsafe manner”, the AZOP says, among other things.

Also the safety and security of personal data of 83,896 persons has been put at risk by activities of the B2 Kapital company, says AZOP.

The debt collecting agency has not yet informed AZOP whether it has already taken steps to prevent further risks concerning the breaches of personal data protection rules.