Restaurant

Ei ole saadaval

Insufficient technical and organisational measures to ensure information security

Otsuse kuupäev

1. jaanuar 2021

Ametiasutus

Data Protection Authority of Saarland

DE

Sektor

Accomodation and Hospitality

Riik

DE

Seadus

GDPR

Staatus

FINAL

Kirjeldus

A restaurant had disposed of 120 completed guest registration forms for contact tracing purposes during the Covid-19 pandemic in a publicly-accessible dumpster. During its investigation, the DPA also found that already during the restaurant's operation, the restaurant had not implemented adequate safeguards to protect the data processed during the guest registration process. For example, the completed guest registration forms were kept in an adjoining room accessible to all employees without special security measures, such as a locked cabinet.

Õiguslikud viited

Art. 24Art. 32

Probleemid ja rikkumised

Insufficient technical and organisational measures to ensure information security
Vaata ametlikku dokumenti
Tagasi trahvide andmebaasi juurde
Eelmine trahv
Data Protection Authority of Schleswig-Holstein - ...
Järgmine trahv
Data Protection Authority of Hamburg (HmbBfDI) - C...

Privaatsuse jõustamise kohta ajakohastatud teave

Me austame teie privaatsust. Üks e-kiri kuus, ei ole rämpsposti, loobuda tellimusest igal ajal.