LfDI (Baden-Württemberg) - 2019
LfDI (Baden-Württemberg) - | |
---|---|
Authority: | LfDI (Baden-Württemberg) |
Jurisdiction: | Germany |
Relevant Law: | Article 5(1)(f) GDPR Article 32 GDPR |
Type: | Investigation |
Outcome: | Violation Found |
Started: | |
Decided: | 24.10.2019 |
Published: | 30.01.2020 |
Fine: | 100,000 EUR |
Parties: | Food craft company (unknown) |
National Case Number/Name: | |
European Case Law Identifier: | n/a |
Appeal: | n/a |
Original Language(s): | German |
Original Source: | LfDI (Baden-Württemberg) (in DE) |
Initial Contributor: | n/a |
The LfDI (Baden-Württemberg) imposed a fine of EUR 100,000 on an medium-sized food craft company. The data controller unlawfully processed personal data and violated Article 5(1)(f) GDPR. It also did not process personal data with an appropriate level of security, as required by Article 32 GDPR.
English Summary
Facts
The company accepted applications via an applicant portal integrated into its website. However, the data transmission was not encrypted. The storage of applicant data was also not encrypted and was not password protected. In addition, there was a link to Google for the unsecured applicant data, which meant that the application documents could be called up by anyone within the scope of a search of the applicant's name via Google.
Holding
The German supervisory authority LfDI Baden-Württemberg fined EUR 100,000 the food craft company, because it had unlawfully processed personal data violating Article 5(1)(f) GDPR and it had not established an appropriate level of security, as required by Article 32 GDPR.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Press release
There is no machine translation of the original decision. Please refer to the German original for details.