Transfer of an employee’s health data to over 3,000 customers without a legal basis
The Hamburg data protection authority imposed the fine because the car dealership had passed on an employee’s health data to third parties without a legal basis.
Customers of a branch of the recipient got send a message were they were informed that due to an absence of the sales manager due to illness, restructuring was being carried out. This message was sent to more than 3000 regular customers, which included information about the beginning of the incapacity for work, as well as the fact that the person would be absent for an indefinite period of time.
The decision is legally binding.
See also: BDSG § 26 para. 1
Art des Verstoßes:
Illegal data processing
Waren sensible Daten betroffen?:
Activity Report 2021 HmbBfDI