Norway
Bergen Municipality
276,000 €
GDPR enforcement action by Norwegian Supervisory Authority (Datatilsynet) on 2020-09-03.
Rank · Sector
#24
of 356 in Public Sector and Education
Rank · Norway
#7
of 52
Rank · All fines
#309
of 3,042
Case details
- Authority
- Norwegian Supervisory Authority (Datatilsynet)
- Date
- 2020-09-03
- Controller / Processor
- Bergen Municipality
- Sector
- Public Sector and Education
- Quoted Articles
- Art. 5 (1) f) GDPR, Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
In October 2019, the Data Protection Authority was informed by the Municipality of Bergen about a data breach in connection with the municipality's tool for communication between school and home called "Vigilo". This tool contained a module that allowed school and parents to communicate via a portal or app but that had not been secured properly to ensure the protection of personal data against security threats.
Open original source
Links to the regulator's original publication or another source.
Related fines
Norway
2021-12-13
6,300,000 €
ETid-950
Grindr LLC
Media, Telecoms and Broadcasting
Norway
2023-11-27
1,700,000 €
ETid-2136
Norwegian Labor and Welfare Administration
Public Sector and Education
Norway
2023-02-06
900,000 €
ETid-1656
Sats ASA
Industry and Commerce
Norway
2021-09-27
496,000 €
ETid-851
Ferde AS
Public Sector and Education
Norway
2021-10-18
412,000 €
ETid-878
Østre Toten municipality
Public Sector and Education
Norway
2025-03-10
338,000 €
ETid-2573
Telenor ASA.
Media, Telecoms and Broadcasting