Penalty against Optical Center

Optical-Center is a company that manufactures optical glasses for customers. Customers can order appropriate visual aids on the company’s homepage.
In 2017, the French data protection authority CNIL (Commission Nationale de l’Informatique et des Libertés) was informed that the company’s website was not sufficiently secured. By simply changing the website address (URL), unauthorized persons were able to access customers’ personal data. It was possible to query not only names, addresses and telephone numbers, but also medical data that customers had provided when ordering glasses (e.g. diopters, so that the glasses would be manufactured with the appropriate prescription).

For more information, see our news article.

Entscheidungsdatum:
07.06.2018

Land:
France

Art des Verstoßes:
technical deficiency

Betroffene Datensätze:
300 000

Waren sensible Daten betroffen?:
Yes

verhängte Geldstrafe:
€ 250,000,-

Violation of GDPR Paragraph:

32. Security of processing
9. Processing of special categories of personal data

Quelle:
Press release of the French data protection authority CNIL (French)