Restaurant
Not Available
Insufficient technical and organisational measures to ensure information security
Decision Date
1 de janeiro de 2020
Authority
Data Protection Authority of Hamburg
DE
Sector
Accomodation and Hospitality
Country
DE
Law
GDPRStatus
FINALDescription
In order to combat the Covid 19 pandemic, a restaurant had put out an open list in which visitors had to enter their contact data. The fact that the list was openly displayed would have made it possible for unauthorized third parties to gain access to the data.
Legal Citations
Art. 32
Issues & Violations
Insufficient technical and organisational measures to ensure information security