Penalty against Optical Center
Optical Center is a company that produces optical glasses for customers. On the homepage of the company customers can order appropriate visual aids. In 2017, the French Data Protection Authority (CNIL) was informed that the company’s website was not sufficiently secured. By simply changing the website address (URL), unauthorized persons could access customer personal data. It was not only possible to retrieve names, addresses and telephone numbers, but also medical data provided by customers when ordering glasses (for example, diopters to make the glasses in the correct prescription).
Entscheidungsdatum:
07.06.2018
Land:
France
Art des Verstoßes:
technical deficiency
Betroffene Datensätze:
300 000
Waren sensible Daten betroffen?:
Yes
verhängte Geldstrafe:
€ 250,000,-
Violation of GDPR Paragraph:
32. Security of processing
9. Processing of special categories of personal data
Quelle: