Details:

Summary The UK DPA (ICO) has fined the Central Young Men’s Christian Association EUR 8,700. The controller had sent an email to individuals participating in a program for individuals suffering from HIV without using the blind copy option, which made the email addresses of all recipients known to other recipients. 166 individuals could be identified or potentially identified based on their email addresses. From this it could be concluded that these people were probably living with HIV.
Link: link link
Related articles:  Art. 5 (1) f) GDPR, Art. 32 (1), (2) GDPR
Type: Insufficient technical and organisational measures to ensure information security
Fine: EUR 8,700
Sector Individuals and Private Associations

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law