Høylandet Municipality – €40,200 Fine (Norway, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Høylandet Municipality in Norway was fined for not securing sensitive data properly. An employee accessed files with personal information that should have been protected. This highlights the need for strong security measures in handling personal data.
What happened
An employee at Høylandet Municipality accessed image files containing sensitive personal information due to insufficient security measures.
Who was affected
Individuals whose sensitive information was stored in image files accessed by an unauthorized employee.
What the authority found
The Norwegian DPA fined the municipality for failing to implement adequate security measures to protect sensitive data, violating GDPR's security requirements.
Why this matters
This case emphasizes the importance of implementing proper technical and organizational measures to protect personal data. Organizations should ensure that employees only have access to data necessary for their roles.
GDPR Articles Cited
The Norwegian DPA has imposed a fine of EUR 40,200 on the municipality of Høylandet. The latter had reported a data breach to the DPA in accordance with Art. 33 GDPR. An employee gained access to several image files (bitmap) when she had to create new letter templates and insert an image logo from the file. The image files that the employee had access to contained sensitive information about individuals who had no connection with the municipality of Høylandet. The information included health data among others. The DPA found that the municipality had not implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk to the data subjects. Instead, the municipality stated that it had simply asked employees using the relevant computer program to avoid opening bitmap files that were not created by the municipality. The error has meanwhile been corrected and the municipality has introduced a new internal control system.
Related Enforcement Actions (0)
No other enforcement actions found for Høylandet Municipality in NO
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
20 September 2021
Authority
Datatilsynet (Norway)
Fine Amount
€40,200
Enforcement Tracker ID
ETid-858
About this data
Cite as: Cookie Fines. Høylandet Municipality - Norway (2021). Retrieved from cookiefines.eu
Last updated: