Luxembourg
Unknown
15,400 €
GDPR enforcement action by National Commission for Data Protection (CNPD) on 2021-10-27.
Rank · Sector
#40
of 218 in Not assigned
Rank · Luxembourg
#6
of 34
Rank · All fines
#1,167
of 3,050
Case details
- Authority
- National Commission for Data Protection (CNPD)
- Date
- 2021-10-27
- Controller / Processor
- Unknown
- Sector
- Not assigned
- Quoted Articles
- Art. 38 (1), (3) GDPR, Art. 39 (1) a), b) GDPR
- Type of violation
- Insufficient involvement of data protection officer
Summary
The Luxembourg DPA has imposed a fine of EUR 15,400 on a company. According to the DPA, the controller failed to involve the data protection officer in all matters related to the protection of personal data. In addition, contrary to the requirements of the GDPR, the data protection officer did not report directly to the highest management level; instead, there were two levels of hierarchy in between.
Also, the controller did not have a data protection control plan in place to demonstrate that the data protection officer was performing their duties appropriately.
Open original source
Links to the regulator's original publication or another source.
Related fines
Luxembourg
2025-01-06
175,000 €
ETid-2615
Credit Institution
Finance, Insurance and Consulting
Luxembourg
2021-08-05
135,000 €
ETid-866
Insurance company
Finance, Insurance and Consulting
Luxembourg
2021-10-27
18,700 €
ETid-1747
Company
Not assigned
Luxembourg
2021-05-31
18,000 €
ETid-726
Unknown
Not assigned
Luxembourg
2021-10-13
18,000 €
ETid-896
Unknown
Not assigned
Luxembourg
2021-06-11
15,000 €
ETid-753
Unknown
Not assigned