Norway
University of Agder
12,700 €
GDPR enforcement action by Norwegian Supervisory Authority (Datatilsynet) on 2024-09-04.
Rank · Sector
#159
of 357 in Public Sector and Education
Rank · Norway
#43
of 53
Rank · All fines
#1,254
of 3,050
Case details
- Authority
- Norwegian Supervisory Authority (Datatilsynet)
- Date
- 2024-09-04
- Controller / Processor
- University of Agder
- Sector
- Public Sector and Education
- Quoted Articles
- Art. 32 GDPR, Art. 24 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Norwegian DPA has fined the University of Agder (UiA) EUR 12,700. An employee of UiA had discovered that documents containing personal data of employees, students and external individuals were stored in open Microsoft Teams foldersand that employees with no business need were able to access them. During its investigation, the DPA found that UiA had failed to implement appropriate technical and organisational measures to protect personal data.
Open original source
Links to the regulator's original publication or another source.
Related fines
Norway
2021-12-13
6,300,000 €
ETid-950
Grindr LLC
Media, Telecoms and Broadcasting
Norway
2026-06-01
1,820,000 €
ETid-3193
Elkjøp AS
Industry and Commerce
Norway
2023-11-27
1,700,000 €
ETid-2136
Norwegian Labor and Welfare Administration
Public Sector and Education
Norway
2023-02-06
900,000 €
ETid-1656
Sats ASA
Industry and Commerce
Norway
2021-09-27
496,000 €
ETid-851
Ferde AS
Public Sector and Education
Norway
2021-10-18
412,000 €
ETid-878
Østre Toten municipality
Public Sector and Education