A customer wanted to exchange € 100 for Turkish Lira at a bank branch. The employee asked for a proof of identity according to § 5 Z2 Federal Law to Prevent Money Laundering and Terrorist Financing, as required in the financial market. Therefore, he made a copy of the customers driver’s license. However, this measure… […]
The SME Radidata GmbH (Germany) was fined 10.000 EUR for not naming a Data Protection Officer (DPO). In Germany a DPO is needed as soon 20 employees work with personal data. The data protection Authority requested Rapidata to name a DPO several times but was ignored. The fine takes into account that Rapidata is a… […]
The Romanian data protection authority has accused Hora Credit IFN SA of sending personal data to the wrong recipient. The company had violated the principles of the GDPR (according to ), which regulate the processing of personal data. Beside the company had not implemented suitable technical and organizational measures (TOM) to prevent unauthorized disclosure of… […]
The data protection authority in Greece has fined the company Allseas Marine S.A 15,000 euros, because of the illegal installation and operation of a video surveillance system. The company has also violated the principles of transparency and accountability. Therefore, the company violated , and of the General Data Protection Regulation.
The company SC Enel Energie SA violated several provisions of the GDPR when processing customer data. Personal data was not processed in accordance with these principles. Furthermore, the company was unable to prove the data subject’s consent to the data processing and was therefore unable to fulfill its accountability. The data protection authority also found… […]
The operator of the shipyard Entirly Shipping & Trading SRL violated the GDPR three times. For the first violation, a warning was given by the data protection authority due to a lack of data processing information to the affected people. In the second case, a fine of around 5,000 euros was imposed for installing a… […]
The energy and gas supplier ENI made advertising calls in Italy without the consent of the affected people. In addition, the necessary technical and organizational measures (TOM) were missing in order to properly process data processing objections. Furthermore, the company did not delete data records, which are not longer in use. Therefore, a fine of… […]
The Austrian Post service has to pay a GDPR fine of 18 Million Euros. Thus was the conclusion of the Data Protection Authority in Austria. Besides, the austrian post service has to pay the costs of the investigation (1.8 Million Euros). The company had created profiles of over 3 million Austrian citizens. The collected information… […]