Telecommunications company

€285,000

Insufficient technical and organisational measures to ensure information security

Fecha de la decisión

21 de julio de 2022

Autoridad

Croatian Data Protection Authority (azop)

HR

Sector

Media, Telecoms and Broadcasting

País

HR

Ley

GDPR

Estado

FINAL

Descripción

The Croatian DPA has fined a telecommunications company EUR 285,000. The company had suffered a data breach. Attackers had managed to access data from about 100,000 data subjects. During its investigation, the DPA found that such a breach was facilitated by the company's failure to implement adequate technical and organizational security measures for the processing of personal data. For example, the processing systems lacked access restrictions. In assessing the fine, it was taken into aggravating account that the company is one of the leading telecommunications companies in Croatia and therefore, due to the high volume of data processed there, the risk of an attack on the systems was to be expected. For this very reason, the company should have paid more attention to ensuring that sufficient safety measures were taken.

Citas legales

Art. 25 (1)Art. 32 (1)Art. 32 (2)

Problemas e infracciones

Insufficient technical and organisational measures to ensure information security
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Croatian Data Protection Authority (azop) - Car de...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.