Details:
| Summary | In an administrative decision dated 12 April 2019, the authority imposed a fine of 80,000 euros on a medium-sized financial services company. This company had failed to take the necessary care to preserve the integrity and confidentiality of information within the meaning of Art. 5 para. 1 lit. f GDPR when disposing of documents containing personal data of two customers. Thus, without prior anonymisation, the papers were disposed of in the general waste paper recycling system, where the documents were found by a neighbour. |
| Link: | link |
| Related articles: | Art. 5 GDPR, Art. 32 GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 80,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/