Hungary

Next Time Media Agency Ltd. (Next Time Media Ügynökség Kft.)

1,385 €

GDPR enforcement action by Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) on 2020-12-16.

Rank · Sector

#357

of 366 in Media, Telecoms and Broadcasting

Rank · Hungary

#61

of 73

Rank · All fines

#2,537

of 3,042

Case details

Authority: Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)
Date: 2020-12-16
Controller / Processor: Next Time Media Agency Ltd. (Next Time Media Ügynökség Kft.)
Sector: Media, Telecoms and Broadcasting
Quoted Articles: Art. 32 (1) GDPR
Type of violation: Insufficient technical and organisational measures to ensure information security

Summary

The Hungarian DPA (NAIH) imposed a fine of HUF 50,000 (EUR 1,385) on Next Time Media Ügynökség Kft. (Next Time Media Agency Ltd.). The web agency had been contracted by the travel agency Robinson Tours Idegenforgalmi és Szolgáltató Kft. (Robinson Tours Ltd.) to develop and operate the travel agency's online reservation system. However, the database was not only supplemented with test data, but also with real data of Robinson Tours' customers. In total, the data of 781 people was compromised. During the period from November 13, 2019, to February 4, 2020, these data were accessible to anyone and could be found via Google. The DPA found that Next Time Media Agency Ltd. did not take adequate technical and organizational measures to ensure the security of the personal data.

Open original source Links to the regulator's original publication or another source.