Breiðholt Upper Secondary School
€9,000
Insufficient technical and organisational measures to ensure information security
決定日期
2020年3月10日
權限
Icelandic data protection authority ('Persónuvernd')
IS
部門
Public Sector and Education
國家
IS
法律
GDPR狀態
FINAL說明
In violation of Art. 32 GDPR, a teacher had sent an e-mail to his students and their parents with an attachment containing data on their well-being, academic performance and social conditions.
法律引文
Art. 5 (1)Art. 32
問題與違規
Insufficient technical and organisational measures to ensure information security