Hungarian political party
Insufficient fulfilment of data breach notification obligations
Decision date
5 April 2019
Authority
Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)
HU
Sector
Public Sector and Education
Country
HU
Law
GDPR
Status
FINAL
Description
NAIH imposed a fine of HUF 11,000,000 (EUR 34,375) on an undisclosed Hungarian political party for failing to notify the NAIH and the relevant individuals about a data breach, and for failing to document the breach according to GDPR Article 33.5. As mandated by law, the fine was based on 4% of the party's annual turnover and 2.65% of its anticipated turnover for the coming year. The breach was the result of a cyber attack by an anonymous hacker who accessed and disclosed information on the vulnerability of the organisation's system (a database of more than 6,000 individuals) and the command used for the attack. The system was vulnerable to attack because of a redirection problem with the organisation's webpage. After the attacker published the command, even people with little IT knowledge were able to retrieve information from the database.