Details:

Summary The Italian DPA has imposed a fine of EUR 20,000 on the municipality of Nepi. The controller had published a document containing the ranking list of a pre-selection test for a public competition, which included personal data of the participants. During its investigation, the DPA found that the controller did not have a valid legal basis for publishing this personal data.
Link: link
Related articles:  Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 28 GDPR, Art. 2-ter Codice della privacy
Type: Non-compliance with general data processing principles
Fine: EUR 20,000
Sector Public Sector and Education

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law