Allium UPI
€3,000,000
Insufficient technical and organisational measures to ensure information security
Päätöspäivä
5. syyskuuta 2025
Viranomainen
Estonian Data Protection Authority (AKI)
EE
Ala
Industry and Commerce
Maa
EE
Laki
GDPRTila
FINALKuvaus
The Estonian DPA has imposed a fine of EUR 3,000,000 on Allium UPI. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a data breach involving the personal data of 750,000 individuals, including children and other vulnerable groups.
Asiat ja rikkomukset
Insufficient technical and organisational measures to ensure information security