Funeral Home

Kirjeldus

The Polish DPA has fined a funeral home EUR 7,800. The funeral home failed to implement sufficient technical and organisational measures to prevent a data breach. The funeral home had stored documents containing personal data in unlocked boxes. The company also transported those boxes in an open truck, which resulted in 10 boxes falling out of the truck and landing on the side of a road, where the boxes were found by the police. The driver did not notice the loss, due to the fact that that the boxes had not been counted. This resulted in the funeral home not reporting the incident to the DPA. During the investigation, the DPA found that the controller had failed to carry out a sufficient risk analysis and had failed to demonstrate sufficient supervision over the data processing.