AZOP (Croatia) - Decision 05-07-2021: Difference between revisions

From GDPRhub
No edit summary
(No difference)

Revision as of 09:36, 7 July 2021

AZOP (Croatia) - Administrative fines, July 5th 2021
LogoHR.png
Authority: AZOP (Croatia)
Jurisdiction: Croatia
Relevant Law: Article 32(1)(b) GDPR
Article 32(1)(d) GDPR
Article 32(2) GDPR
Type: Investigation
Outcome: Violation Found
Started:
Decided:
Published: 05.07.2021
Fine: None
Parties: n/a
National Case Number/Name: Administrative fines, July 5th 2021
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Croatian
Original Source: AZOP (in HR)
Initial Contributor: Info hiša

The Croatian DPA (AZOP) fined a telecommunications company an undisclosed amount for failing to take appropriate security measures for the processing of personal data. The inadequate level of technical security resulted in a security breach. Hackers were able to process the personal data of 28,085 data subjects without authorization.

English Summary

Facts

A telecommunications company in Zagreb provides IT services to mobile operators, banks and government institutions in the Republic of Croatia, but also to companies abroad (USA, UK, Netherlands, etc.). Its main service is providing opinions, guidelines, and proposed solutions to data processing managers on the implementation of web applications. The head of processing at the company in Zagreb informed the DPA, as well as the user of its services, that there had been a potential breach of personal data. In fact, hackers obtained the personal data of 28,085 data subjects.

Holding

Following an investigation, the Croatian DPA (AZOP) held that the telecommunications company did not take necessary measures to achieve an adequate level of security in accordance with existing and foreseeable risks, and that its records of data processing activities further violated Article 32(1)(b) and (d) GDPR. Accordingly, the DPA, in accordance with its powers under Article 58 (2) GDPR, imposed an administrative fine that it considered effective, proportionate, dissuasive and fully appropriate to the circumstances.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Croatian original. Please refer to the Croatian original for more details.