Allium UPI
€3,000,000
Insufficient technical and organisational measures to ensure information security
Otsuse kuupäev
5. september 2025
Ametiasutus
Estonian Data Protection Authority (AKI)
EE
Sektor
Industry and Commerce
Riik
EE
Seadus
GDPRStaatus
FINALKirjeldus
The Estonian DPA has imposed a fine of EUR 3,000,000 on Allium UPI. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a data breach involving the personal data of 750,000 individuals, including children and other vulnerable groups.
Probleemid ja rikkumised
Insufficient technical and organisational measures to ensure information security