Germany Germany

Aid organization

GDPR enforcement action by Data Protection Authority of Brandenburg on 2022.

Case details

Authority
Data Protection Authority of Brandenburg
Date
2022
Controller / Processor
Aid organization
Sector
Individuals and Private Associations
Quoted Articles
Art. 28 (3) GDPR, Art. 32 GDPR
Type of violation
Insufficient technical and organisational measures to ensure information security

Summary

The DPA of Brandenburg has imposed a five-figure fine on an aid organization. The aid organization provides transportation for people with illnesses. The organization had reported a data breach to the DPA in which data of data subjects had been published due to a hack. At the time of the attack, the controller's database contained more than 80,000 records with data that included information about the health status of the data subjects. During its investigation, the DPA found that the bank had failed to take adequate technical and organizational measures to protect personal data, which allowed such a breach to occur. In addition, the DPA found that the bank had failed to conclude a processing agreement with its processors.

Open original source Links to the regulator's original publication or another source.

Related fines

Germany
Germany
2024
45,000,000 €
ETid-2646
Vodafone GmbH
Media, Telecoms and Broadcasting
Germany
Germany
2020-10-01
35,258,708 €
ETid-405
H&M Hennes & Mauritz Online Shop A.B. & Co. KG
Employment
Germany
Germany
2024
4,113,486 €
ETid-2638
Unknown
Not assigned
Germany
Germany
2019
3,501,000 €
ETid-943
Unknown
Individuals and Private Associations
Germany
Germany
2022
2,001,000 €
ETid-1870
Unknown
Individuals and Private Associations
Germany
Germany
2022-03-03
1,900,000 €
ETid-1103
BREBAU GmbH
Real Estate
Back to all fines