Estonia
Asper Biogene OÜ
0 €
GDPR enforcement action by Estonian Data Protection Authority (AKI) on 2025-01-10.
Case details
- Authority
- Estonian Data Protection Authority (AKI)
- Date
- 2025-01-10
- Controller / Processor
- Asper Biogene OÜ
- Sector
- Health Care
- Quoted Articles
- Unknown
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Estonian DPA imposed a fine of EUR 85,000 on Asper Biogene OÜ. Asper Biogene OÜ suffered a data leak due to a lack of adequate security measures. The leak affected approximately 100,000 files containing personal, health and genetic data. Asper Biogene OÜ also appointed a member of the board of directors as DPO, resulting in a conflict of interest. A fine of EUR 80,000 was imposed for the inadequate security measures. The unlawful appointment of the DPO was fined EUR 5,000.
---UPDATE---
The Tartu County Court overturned the DPA's decision. The DPA has appealed against the court's decision.
Open original source
Links to the regulator's original publication or another source.
Related fines
Estonia
2025-09-05
3,000,000 €
ETid-2858
Allium UPI
Industry and Commerce
Estonia
2020-12-01
100,000 €
ETid-516
Apotheka e-apteek
Health Care
Estonia
2020-12-01
100,000 €
ETid-517
Südameapteegi e-apteek
Health Care
Estonia
2020-12-01
100,000 €
ETid-518
Azeta.ee e-apteek
Health Care
Estonia
2024-07-15
30,000 €
ETid-2593
Pere Sihtkapital SA
Not assigned
Estonia
2020-04-30
500 €
ETid-302
Housing Association
Real Estate