Details:
Summary | The Italian DPA has imposed a fine of EUR 20,000 on the municipality of Nepi. The controller had published a document containing the ranking list of a pre-selection test for a public competition, which included personal data of the participants. During its investigation, the DPA found that the controller did not have a valid legal basis for publishing this personal data. |
Link: | link |
Related articles: | Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 28 GDPR, Art. 2-ter Codice della privacy |
Type: | Non-compliance with general data processing principles |
Fine: | EUR 20,000 |
Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/