Digi Távközlési Szolgáltató Kft. ('Digi') (electronic communication service provider)
€288,000
Insufficient technical and organisational measures to ensure information security
Ημερομηνία απόφασης
12 Ιουνίου 2020
Αρχή
Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)
HU
Τομέας
Media, Telecoms and Broadcasting
Χώρα
HU
Νόμος
GDPRΚατάσταση
FINALΠεριγραφή
The company had infringed the principles of purpose limitation and storage restriction because its database contained a large amount of customer data which were no longer relevant for the actual purpose of collection and for which no retention period had been set. Furthermore, the NAIH pointed out that the defendant had not taken proportionate measures to reduce the risks in the area of data management and data security, arguing, inter alia, that it had not used encryption mechanisms.
Νομικές παραπομπές
Art. 5 (1)Art. 32 (1)
Θέματα & Παραβάσεις
Insufficient technical and organisational measures to ensure information security