Denmark

Vejle Municipality

27,000 €

GDPR enforcement action by Danish Data Protection Authority (Datatilsynet) on 2021-06-16.

Rank · Sector

#93

of 357 in Public Sector and Education

Rank · Denmark

#14

of 29

Rank · All fines

#940

of 3,050

Case details

Authority: Danish Data Protection Authority (Datatilsynet)
Date: 2021-06-16
Controller / Processor: Vejle Municipality
Sector: Public Sector and Education
Quoted Articles: Art. 32 GDPR
Type of violation: Insufficient technical and organisational measures to ensure information security

Summary

The Danish DPA (Datatilsynet) has imposed a fine of EUR 27,000 on Vejle municipality. The Danish DPA had started investigations against the municipality after it had reported a data breach pursuant to Art. 33 GDPR. The municipal dental care service had sent automated welcome letters to both parents as part of the treatment of children, which contained the contact details of both parents. In this process, the municipality had not checked whether it was permitted to pass the information on to the other parent. In several cases, parents thus received the address of the other parent, regardless of whether the other parent had name and address protection. The DPA considered this to be a failure of the municipality to take technical and organizational measures to ensure adequate data protection.

Open original source Links to the regulator's original publication or another source.