Regione Lazio – €75,000 Fine (Italy, 2021)

€75,000Garante per la protezione dei dati personali14 January 2021Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Regione Lazio was fined EUR 75,000 for not having a proper contract with a company managing healthcare service reservations. This is important because it shows that businesses must have clear agreements with partners handling personal data.

What happened

Regione Lazio failed to designate Capodarco as a data processor and did not have a proper contract governing data processing roles.

Who was affected

The affected parties were individuals whose data was processed by Capodarco without a proper contract in place.

What the authority found

The Italian data protection authority ruled that Regione Lazio violated GDPR by not having a valid contract with Capodarco for data processing.

Why this matters

This case underscores the need for organizations to formalize their data processing relationships with clear contracts. It serves as a reminder to review and update agreements with any third parties handling personal data.

GDPR Articles Cited

Art. 28 GDPR
Art. 5(2) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Regione Lazio actions
Full Legal Summary
Detailed

The Italian DPA (Garante) has fined Regione Lazio (Lazio Region) EUR 75,000 for failing to designate Capodarco, the company it entrusted with the management of reservations for healthcare services in 1999, as a data processor. The controller had not entered into a contract with Capodarco that would have governed its role as data processor in accordance with the requirements of data protection law. Thus, a proper contract for commissioned processing had not been concluded until 2019, which meant that data had been processed unlawfully for a period of about 20 years.

Related Enforcement Actions (0)

No other enforcement actions found for Regione Lazio in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

14 January 2021

Authority

Garante per la protezione dei dati personali

Fine Amount

€75,000

Enforcement Tracker ID

ETid-600

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Regione Lazio - Italy (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: