Scanshare S.r.l. – €10,000 Fine (Italy, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Scanshare S.r.l. was fined after a data breach exposed personal information of about 3,500 job candidates. The Italian data protection authority found that the company mishandled sensitive data during a recruitment process. This incident underscores the importance of data security measures when handling personal information.
What happened
Scanshare S.r.l. accidentally disclosed personal data of 3,500 candidates due to a mistake in sending an email.
Who was affected
Approximately 3,500 job candidates participating in a recruitment competition were affected.
What the authority found
The Garante ruled that Scanshare did not adequately protect personal data, violating GDPR security requirements.
Why this matters
This ruling serves as a reminder for companies to implement strong data protection measures, especially when dealing with sensitive information. It highlights the potential consequences of data breaches and the need for vigilance.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
This case was initiated by a data breach notification reported by the Tuscany Region authorities to the Italian DPA (Garante per la Protezione dei Dati Personali – Garante) on 30 July 2020. The breach involved the accidental disclosure of personal data belonging to approximately 3500 candidates participating in a public recruitment competition for administrative assistant job positions. The Tuscany Region carrying out the contest (the data controller in this case) had a processing agreement with IT company Scanshare S.r.l. for the provision of services related to the organisation and management of the pre-selection phase. The IT company was tasked with processing the data necessary for the completion of the recruitment tests, as well as uploading these on to a server that would host the web page in which each candidate could consult their individual scores. An email was sent by the processor to a candidate asking for information regarding the publication of the results, which mistakenly contained a link to the web application which was uploading the personal data related to the candidates and their scores, instead of the website where each candidate could log on to obtain their individual results. The mistakenly sent link to the web application which contained the upload of the entire data set was subsequently circulated among other candidates. From this link, it was possible to access and download, inter alia, the name, surname, date of birth, tax code, detailed results of questionnaires, as well as the overall scores of all the participants. This data was exposed for approximately one hour until the data breach was discovered and remedied. The processor, without consulting the controller, then proceeded to subcontract an IT company named Hostinger, in order to provide it with the logs of the IP addresses which had unauthorised access to the data. During the Garante’s investigation procedures, the processor claimed that this data breach was not of a malicious na
Related Enforcement Actions (0)
No other enforcement actions found for Scanshare S.r.l. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
10 February 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€10,000
About this data
Cite as: Cookie Fines. Scanshare S.r.l. - Italy (2022). Retrieved from cookiefines.eu
Last updated: