Austria
Covid 19 Test Lab
100,000 €
GDPR enforcement action by Austrian Data Protection Authority (dsb) on 2024-06-06.
Rank · Sector
#43
of 270 in Health Care
Rank · Austria
#10
of 38
Rank · All fines
#490
of 3,050
Case details
- Authority
- Austrian Data Protection Authority (dsb)
- Date
- 2024-06-06
- Controller / Processor
- Covid 19 Test Lab
- Sector
- Health Care
- Quoted Articles
- Art. 9 GDPR, Art. 5 (1) f) GDPR, Art. 28 (3) GDPR, Art. 32 GDPR, Art. 34 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Austrian DPA has imposed a fine of EUR 100,000 on a Covid 19 test lab. The controller failed to implement sufficient technical and organisational measures, resulting in a data breach. Furthermore, the controller refused to inform the data subjects of the breach. The DPA also found that the controller processed certain data without a sufficient legal basis, used a processor without the necessary contract, failed to designate a suitable DPO, and failed to report the designation to the DPA.
Open original source
Links to the regulator's original publication or another source.
Related fines
Austria
2019-10-29
16,000,000 €
ETid-96
Austrian Post
Transportation and Energy
Austria
2021-09-28
9,500,000 €
ETid-871
Austrian Post
Transportation and Energy
Austria
2022-01-14
8,000,000 €
ETid-988
REWE International AG
Industry and Commerce
Austria
2021
4,000,000 €
ETid-872
Bank
Finance, Insurance and Consulting
Austria
2024-08-16
1,500,000 €
ETid-2772
Company
Industry and Commerce
Austria
2024-08-16
1,500,000 €
ETid-2909
IKEA
Industry and Commerce