Details:
| Summary | The Italian DPA has imposed a fine of EUR 240,000 on Benetton Group S.r.l.. The controller had stored a large amount of customer data indefinitely. The DPA also found that the administrative database of employees of stores from 7 countries were accessible with a single password. The DPA considered this to be a breach of the obligation to implement appropriate technical and organizational measures to protect personal data. In assessing the fine, the DPA considered the fact that a very large number of people were affected by the data protection violations as an aggravating factor. |
| Link: | link |
| Related articles: | Art. 5 (1) c), e) GDPR, Art. 32 (1) b), d) GDPR, Art. 32 (2) GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 240,000 |
| Sector | Industry and Commerce |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/