Germany
Food company
100,000 €
GDPR enforcement action by Data Protection Authority of Baden-Wuerttemberg on 2019-10-24.
Rank · Sector
#7
of 100 in Accomodation and Hospitality
Rank · Germany
#33
of 116
Rank · All fines
#455
of 3,042
Case details
- Authority
- Data Protection Authority of Baden-Wuerttemberg
- Date
- 2019-10-24
- Controller / Processor
- Food company
- Sector
- Accomodation and Hospitality
- Quoted Articles
- Art. 5 GDPR, Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The company had set up an applicant portal on its website where interested parties could submit their application documents online. However, the company did not offer an encrypted transmission of the data, nor did it store the applicant data in an encrypted or password-protected manner. In addition, the unsecured applicant data was linked to Google, so that anyone searching for the respective applicant names on Google could find their application documents and retrieve them without access restrictions.
Open original source
Links to the regulator's original publication or another source.
Related fines
Germany
2024
45,000,000 €
ETid-2646
Vodafone GmbH
Media, Telecoms and Broadcasting
Germany
2020-10-01
35,258,708 €
ETid-405
H&M Hennes & Mauritz Online Shop A.B. & Co. KG
Employment
Germany
2024
4,113,486 €
ETid-2638
Unknown
Not assigned
Germany
2019
3,501,000 €
ETid-943
Unknown
Individuals and Private Associations
Germany
2022
2,001,000 €
ETid-1870
Unknown
Individuals and Private Associations
Germany
2022-03-03
1,900,000 €
ETid-1103
BREBAU GmbH
Real Estate