Germany
Company
8,900 €
GDPR enforcement action by Data Protection Authority of Niedersachsen on 2022.
Rank · Sector
#71
of 218 in Not assigned
Rank · Germany
#70
of 116
Rank · All fines
#1,478
of 3,042
Case details
- Authority
- Data Protection Authority of Niedersachsen
- Date
- 2022
- Controller / Processor
- Company
- Sector
- Not assigned
- Quoted Articles
- Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The DPA of Niedersachsen imposed a fine of EUR 8,900 on a company. The company had a customer database on the Internet with thousands of entries. During its investigation, the DPA found that the only access protection the company had implemented was a long-form web address but not additional measures such as password-protected access. The controller relied on the fact that the web would not become known.
Open original source
Links to the regulator's original publication or another source.
Related fines
Germany
2024
45,000,000 €
ETid-2646
Vodafone GmbH
Media, Telecoms and Broadcasting
Germany
2020-10-01
35,258,708 €
ETid-405
H&M Hennes & Mauritz Online Shop A.B. & Co. KG
Employment
Germany
2024
4,113,486 €
ETid-2638
Unknown
Not assigned
Germany
2019
3,501,000 €
ETid-943
Unknown
Individuals and Private Associations
Germany
2022
2,001,000 €
ETid-1870
Unknown
Individuals and Private Associations
Germany
2022-03-03
1,900,000 €
ETid-1103
BREBAU GmbH
Real Estate