I wish that my previous company gets investigated. They probably got more violations if they are investigated. Here are a few examples:

The company is in the telecom business and they wanted to create AI summaries of their phone calls. So they used real private calls of their clients as test data without their knowledge & consent.

The CEO also made fun of someone handwritten CV on LinkedIn. Sure, he blurred out the obvious data but shit like certificates, past history & rough location was still present. It was not be hard to find who it was.

The 2FA of some IT services was still on the ex-CTOs private phone (now he is a consultant 1x a week)

One of their engineers moved back to Russia and has access to sensitive data. (aka call recording of insurances, banking, fire departments, ...)

Offering users to write a public review of the company for a discount if the review is positive. The "paid review" is not mentioned.

The reviews of their new feature are done by 'external' people but they all benefit from the companies success. The review is written from their own company but it was written by the external design company (CEOs wife under her own company), marketing consultant (under his own company).

They did fire an employee illegally (as in did not follow the legal procedures, the new COO thought she was a consultant, she was in fact not so she had more protections)

They did fire an employee for untrue reasons and waiting till he was on holiday & abroad (dick move but legal I think)

They did spy through the security cameras and made up a reason to fire someone. Company offered free soda during that time, employee did not like the offered soda and filled it with a diet-variant on their own dime. He then took his own bought diet-soda back home (not all) and got fired for stealing. (or idk, it might have been ice tea or fanta)

They did not report that an employee sold company data but he was let go.

They run cookies on their website but has no clause for cookie-consent.

Their features that they are promoting & selling is not working like expected

They lie about their server uptime or heavily manipulate it.

They sell a feature that is no longer supported and broke a few updates ago.

They are offering a product as a fix that is simply not longer supported by the development team

They have fired consultants and then refuse to pay their last month salary or only pays it partially. Happened as far as i know, 4 times (no proof).

Everyone had access to the full password vault including the login credentials for business routers and the credit card info of the CEO, CFO, CTO. It took me multiple times to report it to the IT admin for mine to be restricted.

Every new dev has access to production data within a few weeks or direct database access

Any person who has access to the admin-portal can spoof phonenumbers in a few clicks.

A colleague is blacklisted at the police portal for past crimes where they have to fulfil police orders. He did them pretending to be a different employee who was approved. Also, they do not keep track of the data needed to fill in the yearly report (idk why the company has to them but the police does not do it).

They forgot to implement a warning (legally needed) before someone hits their data limit. those people cannot be billed. Someone was watching 4k movies in Signapore and costed the company tens of thousands of Euro.

If I think of more, I'll add it comments lol