Details:
| Summary | According to the data protection authority, personal information about participants in a public competition had been unlawfully disclosed online. The reason for this was that, due to a configuration error, a list of the codes assigned to the candidates was temporarily accessible on the platform, which allowed access to the documents submitted by the candidates with their personal data. This was a violation of the principle of protection of information security for which Scanshare – which was the processor of the data on behalf of the controller ‘Azienda Ospedaliera di Rilievo Nazionale ‘Antonio Cardarelli” (a private hospital) – had been fined with EUR 60.000. [Also see the main fine on the hospital!] |
| Link: | link |
| Related articles: | Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 32 GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 60,000 |
| Sector | Industry and Commerce |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/