Viking Line Oy Abp

€230,000

Non-compliance with general data processing principles

決定日期

2022年12月9日

權限

Deputy Data Protection Ombudsman

FI

部門

Accomodation and Hospitality

國家

FI

法律

GDPR

狀態

FINAL

說明

The Finnish DPA has imposed a fine of EUR 230,000 on Viking Line Oy Abp. A former employee had filed a complaint with the DPA. During its investigation, the DPA found that the controller had not complied with the data subject's request for access to their health data and that some of the medical data had been stored incorrectly. The DPA also found that the medical data was stored with other personal data, although such storage is unlawful. Furthermore, the DPA found that the controller had not properly informed its employees about the processing of their personal data, contrary to its obligation under Art. 13 GDPR.

法律引文

Art. 5 (1)Art. 12 (3)Art. 13Art. 15 (1)Art. 25 (1)

問題與違規

Non-compliance with general data processing principles
檢視正式文件
返回罰款資料庫
上一個精細
Spanish Data Protection Authority (aepd) - Private...
下一個精細
Data Protection Authority of Hamburg (HmbBfDI) - C...

保持最新的隱私權執法資訊

我們尊重您的隱私。每月一封電子郵件,無垃圾郵件,可隨時取消訂閱。