AZOP (Croatia) - Decision 05-07-2021: Difference between revisions
No edit summary |
No edit summary |
||
Line 52: | Line 52: | ||
}} | }} | ||
The Croatian DPA (AZOP) fined a telecommunications company for failing to take appropriate security measures for the processing of personal data. The inadequate level of security resulted in a security breach that led to the unauthorized processing of personal data of 28,085 data subjects by hackers. | The Croatian DPA (AZOP) fined a telecommunications company for failing to take appropriate security measures for the processing of personal data. The inadequate level of technical security resulted in a security breach that led to the unauthorized processing of personal data of 28,085 data subjects by hackers. | ||
== English Summary == | == English Summary == |
Revision as of 11:54, 5 July 2021
AZOP (Croatia) - Administrative fines, July 5th 2021 | |
---|---|
Authority: | AZOP (Croatia) |
Jurisdiction: | Croatia |
Relevant Law: | Article 32(1)(b) GDPR Article 32(1)(d) GDPR Article 32(2) GDPR |
Type: | Investigation |
Outcome: | Violation Found |
Started: | |
Decided: | |
Published: | 05.07.2021 |
Fine: | None |
Parties: | n/a |
National Case Number/Name: | Administrative fines, July 5th 2021 |
European Case Law Identifier: | n/a |
Appeal: | Unknown |
Original Language(s): | Croatian |
Original Source: | AZOP (in HR) |
Initial Contributor: | Info hiša |
The Croatian DPA (AZOP) fined a telecommunications company for failing to take appropriate security measures for the processing of personal data. The inadequate level of technical security resulted in a security breach that led to the unauthorized processing of personal data of 28,085 data subjects by hackers.
English Summary
Facts
A telecommunications company in Zagreb provides IT services to mobile operators, banks and government institutions in the Republic of Croatia, but also to companies abroad (USA, UK, Netherlands, etc.). Its main service is providing opinions, guidelines, and proposed solutions to data processing managers on the implementation of web applications. The head of processing at the company in Zagreb informed the DPA, as well as the user of its services, that there had been a potential breach of personal data.
Holding
The Croatian DPA (AZOP) held that the IT services company did not take the necessary measures to achieve an adequate level of security in accordance with existing and foreseeable risks, and further violated Article 32(1)(b) and (d) GDPR. Accordingly, the DPA, in accordance with its powers under Article 58 (2) GDPR, imposed an administrative fine that it considered effective, proportionate, dissuasive and fully appropriate to the circumstances.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Croatian original. Please refer to the Croatian original for more details.