Banner2.png

HmbBfDI (Hamburg) - Bußgeld wegen Fehlentsorgung bei Logistik-Unternehmen

From GDPRhub
Revision as of 15:57, 6 March 2025 by Cibitmap (talk | contribs) (Created page with "{{DPAdecisionBOX |Jurisdiction=Germany |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoDE-HH.png |DPA_Abbrevation=HmbBfDI |DPA_With_Country=HmbBfDI (Hamburg) |Case_Number_Name=Bußgeld wegen Fehlentsorgung bei Logistik-Unternehmen |ECLI= |Original_Source_Name_1=Hamburg DPA |Original_Source_Link_1=https://datenschutz-hamburg.de/fileadmin/user_upload/HmbBfDI/Datenschutz/Taetigkeitsberichte_Datenschutz/Taetigkeitsberichte_PDF/Hamburg_Datenschutz_2022_web.pdf |Origin...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
HmbBfDI - Bußgeld wegen Fehlentsorgung bei Logistik-Unternehmen
LogoDE-HH.png
Authority: HmbBfDI (Hamburg)
Jurisdiction: Germany
Relevant Law: Article 32(1) GDPR
Article 33 GDPR
Article 34 GDPR
Type: Complaint
Outcome: Other Outcome
Started:
Decided:
Published:
Fine: n/a
Parties: n/a
National Case Number/Name: Bußgeld wegen Fehlentsorgung bei Logistik-Unternehmen
European Case Law Identifier: n/a
Appeal: Pending appeal
Original Language(s): German
Original Source: Hamburg DPA (in DE)
Initial Contributor: CBMPN

The Hamburg DPA has issued a fine against a Hamburg logistics company due to its repeated inadequate disposal of delivery lists in public waste containers.

English Summary

Facts

A logistics company based in Hamburg was fined for repeatedly disposing of delivery lists in publicly accessible trash bins and for having an inadequate disposal policy. These delivery lists contained personal data, including subscribers' full names, addresses, subscribed newspapers, and specific delivery instructions, such as mailbox locations and customer complaints. Because the lists were discarded in open public spaces, unauthorized third parties could access them.

During the investigation, the Hamburg DPA found that the company lacked a proper disposal system. The delivery personnel were responsible for disposing of the lists independently, without a structured process to ensure secure disposal. As a result, the company had no effective control over compliance with data protection requirements and could not reliably fulfill its reporting obligations under Articles 33 and 34 GDPR in case of data breaches.

Holding

The company was found to have violated Article 32(1) GDPR due to the improper disposal of personal data and the lack of an adequate disposal policy.

A similar violation had already been identified in 2019, leading to a prior warning under Article 58(2)(b) GDPR. However, the company cooperated with the Hamburg DPA, which was taken into account when determining the fine.

The company also revised its training materials to improve compliance.

No financial harm to affected individuals was identified, but the company benefited economically by saving costs through its inadequate disposal practices.

The fine was set at a moderate level, and the company has appealed the decision.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the German original. Please refer to the German original for more details. 

3. Fine for incorrect disposal by logistics companies
The HmbBfDI has issued a fine against a Hamburg logistics company. The reason for the sanction was the repeated disposal of so-called delivery lists in public waste containers and an inadequate disposal concept. The fine is not yet legally binding.
Employees of a Hamburg logistics company had disposed of so-called delivery lists in freely accessible public waste containers in two cases. Unauthorized third parties were thus able to view them. The lists contained the first and last names of subscribers, addresses, subscribed newspapers and special delivery instructions, such as the location of mailboxes and any complaints from recipients. The lists therefore contained a not inconsiderable amount of detailed information about the people on the list.
The audit also found that the concept for disposing of such lists was inadequate. In particular, it was up to the delivery people to dispose of the lists themselves, without the delivery lists being returned. This meant that the company was unable to effectively monitor proper disposal. It was therefore also not possible to reliably comply with the reporting obligations under Art. 33 and 34 GDPR, which require reporting in the event of data breaches.

IV.

Data Protection Activity Report 2022 – HmbBfDI 125

FINES, ORDERS, LEGAL PROCEEDINGS

with regard to the specific disposal, on the one hand the company violated Art. 32 Para. 1 GDPR, and on the other hand the faulty disposal concept had to be sanctioned. A fine was also appropriate because the company had already been given a warning in 2019 in accordance with Art. 58 Para. 2 lit. b) GDPR due to a similar situation.

Nevertheless, the company worked with the HmbBfDI to clarify the violations, which had to be taken into account to a considerable extent when determining the fine. In addition, the information materials for delivery drivers on the data protection-compliant disposal of delivery lists were revised in order to better prevent future violations. Ultimately, no economic damage to the subscribers could be determined. On the other hand, the company gained an economic advantage from the inadequate disposal concept in the form of saved costs for its own proper disposal of the lists. The fine was therefore moderate. The company has lodged an appeal against the fine.
Retrieved from "https://gdprhub.eu/index.php?title=HmbBfDI_(Hamburg)_-_Bußgeld_wegen_Fehlentsorgung_bei_Logistik-Unternehmen&oldid=46265"
Creative Commons Attribution-NonCommercial-ShareAlike
Powered by MediaWiki