Digi Távközlési Szolgáltató Kft. ('Digi') (electronic communication service provider)

€288,000

Insufficient technical and organisational measures to ensure information security

Fecha de la decisión

12 de junio de 2020

Autoridad

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

HU

Sector

Media, Telecoms and Broadcasting

País

HU

Ley

GDPR

Estado

FINAL

Descripción

The company had infringed the principles of purpose limitation and storage restriction because its database contained a large amount of customer data which were no longer relevant for the actual purpose of collection and for which no retention period had been set. Furthermore, the NAIH pointed out that the defendant had not taken proportionate measures to reduce the risks in the area of data management and data security, arguing, inter alia, that it had not used encryption mechanisms.

Citas legales

Art. 5 (1)Art. 32 (1)

Problemas e infracciones

Insufficient technical and organisational measures to ensure information security
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Czech Data Protection Auhtority (UOOU) - Legal Per...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.