Ireland

Slane Credit Union Ltd.

5,000 €

GDPR enforcement action by Data Protection Authority of Ireland on 2022-01-26.

Rank · Sector

#231

of 322 in Finance, Insurance and Consulting

Rank · Ireland

#34

of 36

Rank · All fines

#1,773

of 3,050

Case details

Authority: Data Protection Authority of Ireland
Date: 2022-01-26
Controller / Processor: Slane Credit Union Ltd.
Sector: Finance, Insurance and Consulting
Quoted Articles: Art. 5 (1) f) GDPR, Art. 24 GDPR, Art. 28 (1), (3) GDPR, Art. 30 (1) GDPR, Art. 32 (1) GDPR
Type of violation: Insufficient technical and organisational measures to ensure information security

Summary

The Irish DPA has imposed a fine of EUR 5,000 on Slane Credit Union Ltd. The controller had notified the DPA of a data breach in 2018. Due to an error in a search engine optimization tool installed on the controller's website, four reports of member inquiries containing personal member data were unintentionally published.
The incident affected 76 members, including minors, and their personal data such as names, addresses, gender, birth dates, account numbers, etc.

The DPA found that the controller had failed to implement adequate technical and organizational measures to protect personal data.

In addition, the DPA concluded that the controller failed to conduct due diligence on the processor and to conclude a GDPR compliant contract with the processor.

Open original source Links to the regulator's original publication or another source.