unencrypted data
The data protection authority fined an Italian airport company because the software used has insufficient protection for personal data. In the course of the investigations, it turned out that a secure network protocol (such as HTTPS protocol) was missing and the software itself did not encrypt the data. The authority considered it a breach of the obligation to implement technical and organizational measures that ensure an appropriate level of security.
Entscheidungsdatum:
02.08.2021
Land:
Italy
Art des Verstoßes:
inadequate data protection
Betroffene Datensätze:
unknown
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 40,000,-
Violation of GDPR Paragraph:
25. Data protection by design and by default
32. Security of processing
35. Data protection impact assessment
5. Principles relating to personal data processing
Quelle:
GPDP fine notice