Agenzia regionale protezione ambientale Campania (ARPAC) – €8,000 Fine (Italy, 2021)

€8,000Garante per la protezione dei dati personali14 January 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Italy's data protection authority fined the Regional Environmental Protection Agency of Campania (ARPAC) EUR 8,000 after a hard drive with personal data was stolen. The agency failed to secure the data properly and did not have backups, leading to data loss. This case highlights the importance of securing sensitive information and having backup systems in place.

What happened

An external hard drive containing personal data was stolen from ARPAC, and the data was not backed up.

Who was affected

Individuals whose identity documents, tax records, and payroll records were stored on the stolen hard drive.

What the authority found

The authority found ARPAC did not implement adequate security measures to protect personal data, violating GDPR's requirements.

Why this matters

This case underscores the need for organizations to secure personal data and maintain backups to prevent data loss, serving as a reminder for businesses to review their data protection measures.

GDPR Articles Cited

Art. 32(GDPR)
Art. 5(1)(f) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Agenzia regionale protezione ambientale Campania (ARPAC) actions
Full Legal Summary
Detailed

The Italian DPA (Garante) imposed a fine of EUR 8,000 on the Regional Environmental Protection Agency of Campania (ARPAC). An external hard drive containing personal data had been stolen from the controller. Among other things, it contained copies of identity documents, tax records and payroll records. During the investigation, the DPA discovered that the hard drive had been located in a room to which all of the controller's employees had access. In addition, the controller did not back up the affected data, so it was irrevocably lost. Consequently, the DPA concluded that the controller violated the duty to implement appropriate technical and organizational measures to ensure the security of data processing.

Related Enforcement Actions (0)

No other enforcement actions found for Agenzia regionale protezione ambientale Campania (ARPAC) in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

14 January 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€8,000

Enforcement Tracker ID

ETid-556

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Agenzia regionale protezione ambientale Campania (ARPAC) - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: