Germany
Company
—
GDPR enforcement action by Data Protection Authority of Niedersachsen on 2021.
Case details
- Authority
- Data Protection Authority of Niedersachsen
- Date
- 2021
- Controller / Processor
- Company
- Sector
- Not assigned
- Quoted Articles
- Art. 25 GDPR, Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
A company had stored telecommunications hardware, a server and backup technology in a guest bathroom. The server cabinet, which did not have an intact lock, also served as a changing table.
Open original source
Links to the regulator's original publication or another source.
Related fines
Germany
2024
45,000,000 €
ETid-2646
Vodafone GmbH
Media, Telecoms and Broadcasting
Germany
2020-10-01
35,258,708 €
ETid-405
H&M Hennes & Mauritz Online Shop A.B. & Co. KG
Employment
Germany
2024
4,113,486 €
ETid-2638
Unknown
Not assigned
Germany
2019
3,501,000 €
ETid-943
Unknown
Individuals and Private Associations
Germany
2022
2,001,000 €
ETid-1870
Unknown
Individuals and Private Associations
Germany
2022-03-03
1,900,000 €
ETid-1103
BREBAU GmbH
Real Estate