Company

€18,700

Insufficient involvement of data protection officer

Päätöspäivä

27. lokakuuta 2021

Viranomainen

National Commission for Data Protection (CNPD)

LU

Ala

Industry and Commerce

Maa

HU

Laki

GDPR

Tila

FINAL

Kuvaus

The DPA of Luxembourg has imposed a fine of EUR 18,700 on a company. During its investigation, the DPA first found that the controller's public website did not include direct contact details for the DPO. Furthermore, the DPO was not sufficiently involved in all data protection matters. For example, they only participated in internal meetings by invitation. Moreover, there were several hierarchical intermediaries between the DPO and the highest management level of the controller, not granting them sufficient autonomy. Also, in the absence of formalized procedures, the DPO was not able to sufficiently monitor the consistency of data processing practices.

Oikeudelliset viittaukset

Art. 37 (7)Art. 38 (1)Art. 39 (1)

Asiat ja rikkomukset

Insufficient involvement of data protection officer
Näytä virallinen asiakirja
Takaisin sakkotietokantaan
Edellinen Fine
Hungarian National Authority for Data Protection a...
Seuraava hieno
Data Protection Authority of Hamburg (HmbBfDI) - C...

Pysy ajan tasalla yksityisyyden suojan valvonnasta

Kunnioitamme yksityisyyttäsi. Yksi sähköpostiviesti kuukaudessa, ei roskapostia, peruuta tilaus milloin tahansa.