Details:
| Summary | The sanctions were applied as a result of a complaint alleging that Hora Credit IFN SA transmitted documents containing personal data of another person to a wrong e-mail address. Following the investigation it was found that Hora Credit IFN SA processed the data without providing effective mechanisms for verifying and validating the accuracy of the data collected processed according to the principles set out in art. 5 of the GDPR. It was also found that the operator did not take sufficient security measures for personal data, according to art. 25 and 32 of the GDPR, so as to avoid unauthorized and accessible disclosure of personal data to third parties. At the same time, Hora Credit IFN SA did not notify the Supervisory Authority of the security incident that was brought to its notice, according to art. 33 of the GDPR, within 72 hours from the date it became aware of it. The fine consists of three partial fines of EUR 3000, EUR 10000 and EUR 1000. |
| Link: | link |
| Related articles: | Art. 5 GDPR, Art. 25 GDPR, Art. 32 GDPR, Art. 33 GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 14,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/