Asper Biogene OÜ
Insufficient technical and organisational measures to ensure information security
Ngày ra quyết định
10 tháng 1, 2025
Thẩm quyền
Estonian Data Protection Authority (AKI)
EE
Ngành
Health Care
Quốc gia
EE
Luật
GDPRTrạng thái
FINALMô tả
The Estonian DPA imposed a fine of EUR 85,000 on Asper Biogene OÜ. Asper Biogene OÜ suffered a data leak due to a lack of adequate security measures. The leak affected approximately 100,000 files containing personal, health and genetic data. Asper Biogene OÜ also appointed a member of the board of directors as DPO, resulting in a conflict of interest. A fine of EUR 80,000 was imposed for the inadequate security measures. The unlawful appointment of the DPO was fined EUR 5,000. ---UPDATE--- The Tartu County Court overturned the DPA's decision. The DPA has appealed against the court's decision.