Brav s.r.l.

€10,000

Insufficient technical and organisational measures to ensure information security

Fecha de la decisión

24 de marzo de 2022

Autoridad

Italian Data Protection Authority (Garante)

IT

Sector

Industry and Commerce

País

IT

Ley

GDPR

Estado

FINAL

Descripción

The Italian DPA has imposed a fine of EUR 10,000 on Brav s.r.l.. The operator of the online platform had reported a data breach to the DPA pursuant to Art. 33 GDPR. Unauthorized persons had managed to access the platform used by the Genoa Police for the management of traffic violations, as well as the personal data contained therein. According to the City of Genoa, it was possible to gain unauthorized access to the platform due to the fact that certain employees had unauthorizedly disclosed the password for accessing the platform, in violation of official regulations. For this reason, the DPA found that the controller had failed to take appropriate technical and organizational measures to protect personal data. The controller should have ensured that passwords were changed regularly to prevent unauthorized persons from gaining access to personal data.

Citas legales

Art. 5 (1)Art. 32

Problemas e infracciones

Insufficient technical and organisational measures to ensure information security
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Polish National Personal Data Protection Office (U...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.