Brav s.r.l.

Description

The Italian DPA has imposed a fine of EUR 10,000 on Brav s.r.l.. The operator of the online platform had reported a data breach to the DPA pursuant to Art. 33 GDPR. Unauthorized persons had managed to access the platform used by the Genoa Police for the management of traffic violations, as well as the personal data contained therein. According to the City of Genoa, it was possible to gain unauthorized access to the platform due to the fact that certain employees had unauthorizedly disclosed the password for accessing the platform, in violation of official regulations. For this reason, the DPA found that the controller had failed to take appropriate technical and organizational measures to protect personal data. The controller should have ensured that passwords were changed regularly to prevent unauthorized persons from gaining access to personal data.