Sweden
Skåne region
17,600 €
GDPR enforcement action by Data Protection Authority of Sweden on 2023-04-26.
Rank · Sector
#138
of 357 in Public Sector and Education
Rank · Sweden
#41
of 46
Rank · All fines
#1,143
of 3,050
Case details
- Authority
- Data Protection Authority of Sweden
- Date
- 2023-04-26
- Controller / Processor
- Skåne region
- Sector
- Public Sector and Education
- Quoted Articles
- Art. 32 (1) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Swedish DPA has fined Skåne region EUR 17,600. An employee of the region had lost an unencrypted USB stick containing the social security numbers and sensitive personal data of nearly 2,000 people. The DPA found that the region had failed to implement adequate technical and organizational measures to protect personal data.
Open original source
Links to the regulator's original publication or another source.
Related fines
Sweden
2020-03-11
5,000,000 €
ETid-232
Google LLC
Media, Telecoms and Broadcasting
Sweden
2023-06-12
4,900,000 €
ETid-1876
Spotify
Media, Telecoms and Broadcasting
Sweden
2024-08-29
3,200,000 €
ETid-2449
Apoteket AB.
Health Care
Sweden
2023-08-28
3,000,000 €
ETid-2021
Trygg-Hansa
Finance, Insurance and Consulting
Sweden
2020-12-03
2,900,000 €
ETid-473
Capio St. Göran AB
Health Care
Sweden
2021-06-21
1,600,000 €
ETid-733
Storstockholms Lokaltrafik
Transportation and Energy