Penalty against Optical Center

Optical Center is a company that produces optical glasses for customers. On the homepage of the company customers can order appropriate visual aids. In 2017, the French Data Protection Authority (CNIL) was informed that the company’s website was not sufficiently secured. By simply changing the website address (URL), unauthorized persons could access customer personal data. It was not only possible to retrieve names, addresses and telephone numbers, but also medical data provided by customers when ordering glasses (for example, diopters to make the glasses in the correct prescription).

Entscheidungsdatum:
07.06.2018

Land:
France

Art des Verstoßes:
technical deficiency

Betroffene Datensätze:
300 000

Waren sensible Daten betroffen?:
Yes

verhängte Geldstrafe:
€ 250,000,-

Violation of GDPR Paragraph:

32. Security of processing
9. Processing of special categories of personal data

Quelle: