Benetton Group S.r.l.
€240,000
Non-compliance with general data processing principles
決定日期
2023年4月27日
權限
Italian Data Protection Authority (Garante)
IT
部門
Industry and Commerce
國家
IT
法律
GDPR狀態
FINAL說明
The Italian DPA has imposed a fine of EUR 240,000 on Benetton Group S.r.l.. The controller had stored a large amount of customer data indefinitely. The DPA also found that the administrative database of employees of stores from 7 countries were accessible with a single password. The DPA considered this to be a breach of the obligation to implement appropriate technical and organizational measures to protect personal data. In assessing the fine, the DPA considered the fact that a very large number of people were affected by the data protection violations as an aggravating factor.
法律引文
Art. 5 (1)Art. 32 (1)Art. 32 (2)
問題與違規
Non-compliance with general data processing principles