LfDI (Baden-Württemberg) - 2019

From GDPRhub
Authority: LfDI (Baden-Württemberg)
Jurisdiction: Germany
Relevant Law: Article 5(1)(f) GDPR; Article 32 GDPR
Type: Investigation
Outcome: Violation Found
Decided: 24.10.2019
Published: 30.01.2020
Fine: 100,000 EUR
Parties: Food craft company (unknown)
National Case Number/Name:
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): German
Original Source: LfDI (Baden-Württemberg) (in DE)
Initial Contributor: n/a

The LfDI (Baden-Württemberg) imposed a fine of EUR 100,000 on a medium-sized food craft company. The data controller unlawfully processed personal data and violated Article 5(1)(f) GDPR. It also did not process personal data with an appropriate level of security, as required by Article 32 GDPR.

English Summary

Facts

The company accepted applications via an applicant portal integrated into its website. However, the data transmission was not encrypted. The stored applicant data was likewise neither encrypted nor password protected. In addition, the unsecured applicant data was linked to Google, which meant that anyone could call up the application documents by searching for the applicant's name on Google.

Holding

The German supervisory authority LfDI Baden-Württemberg fined the food craft company EUR 100,000 because it had unlawfully processed personal data in violation of Article 5(1)(f) GDPR and had not established an appropriate level of security, as required by Article 32 GDPR.

English Machine Translation of the Press release

There is no machine translation of the original decision. Please refer to the German original for details.