International Card Services B.V.
€150,000
Insufficient technical and organisational measures to ensure information security
決定日期
2024年1月15日
權限
Dutch Supervisory Authority for Data Protection (AP)
NL
部門
Finance, Insurance and Consulting
國家
NL
法律
GDPR狀態
FINAL說明
The Dutch DPA has imposed a fine of EUR 150,000 on International Card Services B.V. (ICS). ICS failed to carry out a data protection impact assessment before starting the digital identification of customers in the Netherlands in 2019. The identity check covered around 1.5 million people and involved sensitive personal data such as pictures of the data subjects.
法律引文
Art. 35
問題與違規
Insufficient technical and organisational measures to ensure information security