Poste Vita S.p.a.
€80,000
Insufficient technical and organisational measures to ensure information security
Data della decisione
10 luglio 2025
Autorità
Italian Data Protection Authority (Garante)
IT
Settore
Finance, Insurance and Consulting
Paese
IT
Legge
GDPRStato
FINALDescrizione
The Italian DPA has imposed a fine on Poste Vita S.p.a. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a third party successfully tricking an employee into forwarding sensitive personal data, which was then used against the data subject.
Citazioni legali
Art. 5 (1)Art. 33 (1)
Problemi e violazioni
Insufficient technical and organisational measures to ensure information security