University College Dublin – €70,000 Fine (Ireland, 2020)

€70,000Data Protection Commission17 December 2020Ireland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

University College Dublin was fined EUR 70,000 for not securing its email accounts properly, leading to unauthorized access and data breaches. The college also failed to report a data breach on time. This case highlights the importance of protecting personal data and promptly reporting breaches.

What happened

University College Dublin's email accounts were accessed by unauthorized parties, and login credentials were exposed online.

Who was affected

Students and staff whose personal data was stored in UCD's email accounts.

What the authority found

The Data Protection Commission found that UCD did not use proper security measures for its email services and delayed breach notification.

Why this matters

This case underscores the need for educational institutions to maintain strong data security practices and timely breach reporting. It serves as a reminder that organizations must protect personal data and comply with GDPR requirements.

GDPR Articles Cited

Art. 5(1)(e) GDPR
Art. 32(1) GDPR
Art. 33(1) GDPR
Ireland enforcementData Protection Commission actionsAll University College Dublin actions
Full Legal Summary
Detailed

The Irish DPA (DPC) fined University College Dublin (UCD) EUR 70,000 due to seven personal data breaches. Unauthorized third parties were able to access UCD e-mail accounts, and login credentials for UCD e-mail accounts were posted online. It was found that the controller did not take appropriate technical and organisational measures to protect data security when processing personal data in its email service. In addition, the controller stored certain personal data in an email account in a form that allowed identification of the data subjects for longer than necessary for the purpose for which the personal data were processed. Also, the controller did not notify the DPC of a personal data breach in a timely manner.

Related Enforcement Actions (0)

No other enforcement actions found for University College Dublin in IE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

17 December 2020

Authority

Data Protection Commission

Fine Amount

€70,000

Enforcement Tracker ID

ETid-552

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. University College Dublin - Ireland (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: