Vejle Municipality

€27,000

Insufficient technical and organisational measures to ensure information security

Fecha de la decisión

16 de junio de 2021

Autoridad

Danish Data Protection Authority (Datatilsynet)

DK

Sector

Public Sector and Education

País

DK

Ley

GDPR

Estado

FINAL

Descripción

The Danish DPA (Datatilsynet) has imposed a fine of EUR 27,000 on Vejle municipality. The Danish DPA had started investigations against the municipality after it had reported a data breach pursuant to Art. 33 GDPR. The municipal dental care service had sent automated welcome letters to both parents as part of the treatment of children, which contained the contact details of both parents. In this process, the municipality had not checked whether it was permitted to pass the information on to the other parent. In several cases, parents thus received the address of the other parent, regardless of whether the other parent had name and address protection. The DPA considered this to be a failure of the municipality to take technical and organizational measures to ensure adequate data protection.

Citas legales

Art. 32

Problemas e infracciones

Insufficient technical and organisational measures to ensure information security
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Icelandic data protection authority ('Persónuvernd...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.