Italy

Brav s.r.l.

10,000 €

GDPR enforcement action by Italian Data Protection Authority (Garante) on 2022-03-24.

Rank · Sector

#218

of 597 in Industry and Commerce

Rank · Italy

#268

of 543

Rank · All fines

#1,360

of 3,050

Case details

Authority: Italian Data Protection Authority (Garante)
Date: 2022-03-24
Controller / Processor: Brav s.r.l.
Sector: Industry and Commerce
Quoted Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR
Type of violation: Insufficient technical and organisational measures to ensure information security

Summary

The Italian DPA has imposed a fine of EUR 10,000 on Brav s.r.l.. The operator of the online platform had reported a data breach to the DPA pursuant to Art. 33 GDPR. Unauthorized persons had managed to access the platform used by the Genoa Police for the management of traffic violations, as well as the personal data contained therein.
According to the City of Genoa, it was possible to gain unauthorized access to the platform due to the fact that certain employees had unauthorizedly disclosed the password for accessing the platform, in violation of official regulations. For this reason, the DPA found that the controller had failed to take appropriate technical and organizational measures to protect personal data. The controller should have ensured that passwords were changed regularly to prevent unauthorized persons from gaining access to personal data.

Open original source Links to the regulator's original publication or another source.