Aid organization

Not Available

Insufficient technical and organisational measures to ensure information security

Decision Date

January 1, 2022

Authority

Data Protection Authority of Brandenburg

DE

Sector

Individuals and Private Associations

Country

DE

Law

GDPR

Status

FINAL

Description

The DPA of Brandenburg has imposed a five-figure fine on an aid organization. The aid organization provides transportation for people with illnesses. The organization had reported a data breach to the DPA in which data of data subjects had been published due to a hack. At the time of the attack, the controller's database contained more than 80,000 records with data that included information about the health status of the data subjects. During its investigation, the DPA found that the bank had failed to take adequate technical and organizational measures to protect personal data, which allowed such a breach to occur. In addition, the DPA found that the bank had failed to conclude a processing agreement with its processors.

Legal Citations

Art. 28 (3)Art. 32

Issues & Violations

Insufficient technical and organisational measures to ensure information security
View Official Document
Back to Fines Database
Previous Fine
Data Protection Authority of Brandenburg - Operato...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.