Company

€18,700

Insufficient involvement of data protection officer

Otsuse kuupäev

27. oktoober 2021

Ametiasutus

National Commission for Data Protection (CNPD)

LU

Sektor

Industry and Commerce

Riik

HU

Seadus

GDPR

Staatus

FINAL

Kirjeldus

The DPA of Luxembourg has imposed a fine of EUR 18,700 on a company. During its investigation, the DPA first found that the controller's public website did not include direct contact details for the DPO. Furthermore, the DPO was not sufficiently involved in all data protection matters. For example, they only participated in internal meetings by invitation. Moreover, there were several hierarchical intermediaries between the DPO and the highest management level of the controller, not granting them sufficient autonomy. Also, in the absence of formalized procedures, the DPO was not able to sufficiently monitor the consistency of data processing practices.

Õiguslikud viited

Art. 37 (7)Art. 38 (1)Art. 39 (1)

Probleemid ja rikkumised

Insufficient involvement of data protection officer
Vaata ametlikku dokumenti
Tagasi trahvide andmebaasi juurde
Eelmine trahv
Hungarian National Authority for Data Protection a...
Järgmine trahv
Data Protection Authority of Hamburg (HmbBfDI) - C...

Privaatsuse jõustamise kohta ajakohastatud teave

Me austame teie privaatsust. Üks e-kiri kuus, ei ole rämpsposti, loobuda tellimusest igal ajal.