LfDI (Baden-Württemberg) - 2019

From GDPRhub
Revision as of 17:11, 7 March 2022 by Kc (talk | contribs)
LfDI (Baden-Württemberg) -
LogoDE-BW.png
Authority: LfDI (Baden-Württemberg)
Jurisdiction: Germany
Relevant Law: Article 5(1)(f) GDPR
Article 32 GDPR
Type: Investigation
Outcome: Violation Found
Started:
Decided: 24.10.2019
Published: 30.01.2020
Fine: 100,000 EUR
Parties: Food craft company (unknown)
National Case Number/Name:
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): German
Original Source: LfDI (Baden-Württemberg) (in DE)
Initial Contributor: n/a

The LfDI (Baden-Württemberg) imposed a fine of EUR 100,000 on an medium-sized food craft company. The data controller unlawfully processed personal data and violated Article 5(1)(f) GDPR. It also did not process personal data with an appropriate level of security, as required by Article 32 GDPR.

English Summary

Facts

The company accepted applications via an applicant portal integrated into its website. However, the data transmission was not encrypted. The storage of applicant data was also not encrypted and was not password protected. In addition, there was a link to Google for the unsecured applicant data, which meant that the application documents could be called up by anyone within the scope of a search of the applicant's name via Google.

Holding

The German supervisory authority LfDI Baden-Württemberg fined EUR 100,000 the food craft company, because it had unlawfully processed personal data violating Article 5(1)(f) GDPR and it had not established an appropriate level of security, as required by Article 32 GDPR.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Press release

There is no machine translation of the original decision. Please refer to the German original for details.