Germany
Company
75,000 €
GDPR enforcement action by Data Protection Authority of Hamburg on 2023.
Rank · Sector
#28
of 213 in Employment
Rank · Germany
#36
of 116
Rank · All fines
#567
of 3,050
Case details
- Authority
- Data Protection Authority of Hamburg
- Date
- 2023
- Controller / Processor
- Company
- Sector
- Employment
- Quoted Articles
- Art. 9 GDPR, Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The DPA of Hamburg imposed a fine of EUR 75,000 on a company. An employee had lodged a complaint with the DPA due to the fact that they had to report their sickness-related absences by e-mail in an e-mail distribution list with 25 colleagues and superiors, although the internal company guideline stipulated that the sickness report only had to be submitted to the manager of the respective department. In addition, their manager had sent an email to a e-mail distribution list with several recipients listing all their sick days. During its investigation, the DPA found that such extensive disclosure was not necessary and therefore unlawful.
Open original source
Links to the regulator's original publication or another source.
Related fines
Germany
2024
45,000,000 €
ETid-2646
Vodafone GmbH
Media, Telecoms and Broadcasting
Germany
2020-10-01
35,258,708 €
ETid-405
H&M Hennes & Mauritz Online Shop A.B. & Co. KG
Employment
Germany
2024
4,113,486 €
ETid-2638
Unknown
Not assigned
Germany
2019
3,501,000 €
ETid-943
Unknown
Individuals and Private Associations
Germany
2022
2,001,000 €
ETid-1870
Unknown
Individuals and Private Associations
Germany
2022-03-03
1,900,000 €
ETid-1103
BREBAU GmbH
Real Estate