AZOP (Croatia) - Decision 05-07-2021: Difference between revisions

From GDPRhub
No edit summary
No edit summary
Line 52: Line 52:
}}
}}


The Croatian DPA (AZOP) fined a telecommunications company for failing to take appropriate security measures for the processing of personal data. The inadequate level of security resulted in a security breach that led to the unauthorized processing of personal data of 28,085 data subjects by hackers.  
The Croatian DPA (AZOP) fined a telecommunications company for failing to take appropriate security measures for the processing of personal data. The inadequate level of technical security resulted in a security breach that led to the unauthorized processing of personal data of 28,085 data subjects by hackers.  


== English Summary ==
== English Summary ==

Revision as of 11:54, 5 July 2021

AZOP (Croatia) - Administrative fines, July 5th 2021
LogoHR.png
Authority: AZOP (Croatia)
Jurisdiction: Croatia
Relevant Law: Article 32(1)(b) GDPR
Article 32(1)(d) GDPR
Article 32(2) GDPR
Type: Investigation
Outcome: Violation Found
Started:
Decided:
Published: 05.07.2021
Fine: None
Parties: n/a
National Case Number/Name: Administrative fines, July 5th 2021
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Croatian
Original Source: AZOP (in HR)
Initial Contributor: Info hiša

The Croatian DPA (AZOP) fined a telecommunications company for failing to take appropriate security measures for the processing of personal data. The inadequate level of technical security resulted in a security breach that led to the unauthorized processing of personal data of 28,085 data subjects by hackers.

English Summary

Facts

A telecommunications company in Zagreb provides IT services to mobile operators, banks and government institutions in the Republic of Croatia, but also to companies abroad (USA, UK, Netherlands, etc.). Its main service is providing opinions, guidelines, and proposed solutions to data processing managers on the implementation of web applications. The head of processing at the company in Zagreb informed the DPA, as well as the user of its services, that there had been a potential breach of personal data.

Holding

The Croatian DPA (AZOP) held that the IT services company did not take the necessary measures to achieve an adequate level of security in accordance with existing and foreseeable risks, and further violated Article 32(1)(b) and (d) GDPR. Accordingly, the DPA, in accordance with its powers under Article 58 (2) GDPR, imposed an administrative fine that it considered effective, proportionate, dissuasive and fully appropriate to the circumstances.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Croatian original. Please refer to the Croatian original for more details.