Malta
Lands Authority
5,000 €
GDPR enforcement action by Data Protection Commissioner of Malta on 2019-02-18.
Rank · Sector
#226
of 357 in Public Sector and Education
Rank · Malta
#6
of 15
Rank · All fines
#1,693
of 3,050
Case details
- Authority
- Data Protection Commissioner of Malta
- Date
- 2019-02-18
- Controller / Processor
- Lands Authority
- Sector
- Public Sector and Education
- Quoted Articles
- Art. 5 GDPR, Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
As a result of the lack of appropriate security measures on the Lands Authority website, over 10 gigabytes of personal data became easily accessible to the public via a simple google search. The majority of the leaked data contained highly-sensitive information and correspondence between individuals and the Authority itself. The Lands Authority chose not to appeal. In Malta, in the case of a breach by a public authority or body, the Data Protection Commissioner may impose an administrative fine of up to €25,000 for each violation and may additionally impose a daily fine of €25 for each day such violation persists.
Open original source
Links to the regulator's original publication or another source.
Related fines
Malta
2022
250,000 €
ETid-1835
Unknown
Not assigned
Malta
2022-01-17
65,000 €
ETid-996
C-Planet (IT Solutions) Limited
Industry and Commerce
Malta
2022
65,000 €
ETid-1911
Unknown
Not assigned
Malta
2020
20,000 €
ETid-1842
Unknown
Not assigned
Malta
2025-04-02
20,000 €
ETid-3142
Hospital
Health Care
Malta
2020
5,000 €
ETid-1836
Unknown
Not assigned