Travel agency – €6,500 Fine (Finland, 2021)

€6,500Tietosuojavaltuutetun toimisto16 December 2021Finland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Finnish travel agency was fined €6,500 for not securing customer data properly and failing to delete data upon request. This is important because it shows how crucial data security and respecting customer rights are for businesses.

What happened

The travel agency left visa application forms with personal data publicly accessible on its web server.

Who was affected

Customers of the travel agency whose personal data was exposed and not deleted upon request were affected.

What the authority found

The Finnish data protection authority found that the travel agency did not secure personal data and failed to delete it when requested, violating GDPR requirements.

Why this matters

This case highlights the importance of securing customer data and respecting their rights to data deletion. Companies should review their data protection practices to avoid similar issues.

GDPR Articles Cited

Art. 17 GDPR
Art. 25 GDPR
Art. 32 GDPR
Art. 5(1)(f) GDPR
Finland enforcementTietosuojavaltuutetun toimisto actionsAll Travel agency actions
Full Legal Summary
Detailed

The Finnish DPA has imposed a fine of EUR 6,500 on a travel agency. A customer of the travel agency informed the DPA to suspect that the company might not process the data of its customers in a data protection compliant manner. During its investigation, the DPA found that the travel agency had not ensured secure processing of personal data. For example, visa application forms filled out by customers were publicly accessible on the travel agency's web server. The form contained, among other things, the name, contact details and passport number. In addition, the travel agency had not complied with a customer's request to delete their data from the systems.

Related Enforcement Actions (0)

No other enforcement actions found for Travel agency in FI

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

16 December 2021

Authority

Tietosuojavaltuutetun toimisto

Fine Amount

€6,500

Enforcement Tracker ID

ETid-1011

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Travel agency - Finland (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: