Allium UPI
€3,000,000
Insufficient technical and organisational measures to ensure information security
결정 날짜
2025년 9월 5일
권한
Estonian Data Protection Authority (AKI)
EE
섹터
Industry and Commerce
국가
EE
법률
GDPR상태
FINAL설명
The Estonian DPA has imposed a fine of EUR 3,000,000 on Allium UPI. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a data breach involving the personal data of 750,000 individuals, including children and other vulnerable groups.
문제 및 위반 사항
Insufficient technical and organisational measures to ensure information security