Benetton Group S.r.l.
€240,000
Non-compliance with general data processing principles
决定日期
2023年4月27日
权力
Italian Data Protection Authority (Garante)
IT
部门
Industry and Commerce
国家
IT
法律
GDPR现状
FINAL说明
The Italian DPA has imposed a fine of EUR 240,000 on Benetton Group S.r.l.. The controller had stored a large amount of customer data indefinitely. The DPA also found that the administrative database of employees of stores from 7 countries were accessible with a single password. The DPA considered this to be a breach of the obligation to implement appropriate technical and organizational measures to protect personal data. In assessing the fine, the DPA considered the fact that a very large number of people were affected by the data protection violations as an aggravating factor.
法律引文
Art. 5 (1)Art. 32 (1)Art. 32 (2)
问题与违规
Non-compliance with general data processing principles