Italy Italy

Scanshare s.r.l.

60,000 €

GDPR enforcement action by Italian Data Protection Authority (Garante) on 2020-09-30.

Rank · Sector
#98
of 597 in Industry and Commerce
Rank · Italy
#101
of 543
Rank · All fines
#636
of 3,050

Case details

Authority
Italian Data Protection Authority (Garante)
Date
2020-09-30
Controller / Processor
Scanshare s.r.l.
Sector
Industry and Commerce
Quoted Articles
Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 32 GDPR
Type of violation
Insufficient technical and organisational measures to ensure information security

Summary

According to the data protection authority, personal information about participants in a public competition had been unlawfully disclosed online. The reason for this was that, due to a configuration error, a list of the codes assigned to the candidates was temporarily accessible on the platform, which allowed access to the documents submitted by the candidates with their personal data. This was a violation of the principle of protection of information security for which Scanshare - which was the processor of the data on behalf of the controller "Azienda Ospedaliera di Rilievo Nazionale 'Antonio Cardarelli'" (a private hospital) - had been fined with EUR 60.000. [Also see the main fine on the hospital!]

Open original source Links to the regulator's original publication or another source.

Related fines

Italy
Italy
2024-02-08
79,100,000 €
ETid-2306
Enel Energia SpA
Transportation and Energy
Italy
Italy
2026-03-26
31,800,000 €
ETid-3162
Intesa Sanpaolo S.p.A.
Finance, Insurance and Consulting
Italy
Italy
2020-01-15
27,800,000 €
ETid-189
TIM (telecommunications operator)
Media, Telecoms and Broadcasting
Italy
Italy
2022-02-10
20,000,000 €
ETid-1098
Clearview Al Inc.
Industry and Commerce
Italy
Italy
2020-07-13
16,700,000 €
ETid-336
Wind Tre S.p.A.
Media, Telecoms and Broadcasting
Italy
Italy
2024-11-02
15,000,000 €
ETid-2497
OpenAI OpCo LLC
Media, Telecoms and Broadcasting
Back to all fines