Norwegian State Pension Fund (SPK)

€98,000

Insufficient legal basis for data processing

Data deciziei

24 noiembrie 2021

Autoritatea

Norwegian Supervisory Authority (Datatilsynet)

NO

Sector

Public Sector and Education

Țara

NO

Legea

GDPR

Statut

FINAL

Descriere

The Norwegian DPA has imposed a fine of EUR 98,000 on the Norwegian State Pension Fund (SPK). The controller had notified the DPA of a data breach pursuant to Art. 33 GDPR. The DPA found that the controller had unlawfully collected certain income information since 2016. For example, the controller had collected health-related information on disability pensions, although this was not required. Approximately 24,000 individuals were affected by these incidents. In addition, the DPA found that SPK did not implement routines to review and delete excessive information collected until 2019.

Citări juridice

Art. 5 (1)Art. 6 (1)Art. 9 (2)

Probleme și încălcări

Insufficient legal basis for data processing
Vezi documentul oficial
Înapoi la baza de date a amenzilor
Amenda anterioară
Spanish Data Protection Authority (aepd) - UNIÓN F...
Următoarea amendă
Data Protection Authority of Hamburg (HmbBfDI) - C...

Rămâneți la curent cu aplicarea normelor de confidențialitate

Îți respectăm confidențialitatea. Un e-mail pe lună, fără spam, dezabonare oricând.