Italy Italy

ISWEB S.p.A.

40,000 €

GDPR enforcement action by Italian Data Protection Authority (Garante) on 2022-04-07.

Rank · Sector
#117
of 597 in Industry and Commerce
Rank · Italy
#137
of 543
Rank · All fines
#814
of 3,050

Case details

Authority
Italian Data Protection Authority (Garante)
Date
2022-04-07
Controller / Processor
ISWEB S.p.A.
Sector
Industry and Commerce
Quoted Articles
Art. 28 GDPR
Type of violation
Insufficient data processing agreement

Summary

The Italian DPA imposed a fine of EUR 40,000 on ISWEB S.p.A.. The fine is related to a fine against the healthcare facility Azienda ospedaliera di Perugia. ISWEB had provided the healthcare facility with the web application for its whistleblower system.

During an investigation at the healthcare facility, the DPA identified multiple GDPR violations related to the whistleblower system.

The DPA's investigation took place as part of a series of inspections addressing whistleblower system data processing at employers.

In relation to ISWEB, the DPA found that they had used an external provider to host the whistleblower systems. However, ISWEB failed to provide the external provider with specific instructions for the processing of data subjects' data, as well as to inform the health care facility of the same.

Open original source Links to the regulator's original publication or another source.

Related fines

Italy
Italy
2024-02-08
79,100,000 €
ETid-2306
Enel Energia SpA
Transportation and Energy
Italy
Italy
2026-03-26
31,800,000 €
ETid-3162
Intesa Sanpaolo S.p.A.
Finance, Insurance and Consulting
Italy
Italy
2020-01-15
27,800,000 €
ETid-189
TIM (telecommunications operator)
Media, Telecoms and Broadcasting
Italy
Italy
2022-02-10
20,000,000 €
ETid-1098
Clearview Al Inc.
Industry and Commerce
Italy
Italy
2020-07-13
16,700,000 €
ETid-336
Wind Tre S.p.A.
Media, Telecoms and Broadcasting
Italy
Italy
2024-11-02
15,000,000 €
ETid-2497
OpenAI OpCo LLC
Media, Telecoms and Broadcasting
Back to all fines