Food craft company (unknown) – €100,000 Fine (Germany, 2019)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A food craft company was fined EUR 100,000 for not securing applicant data on its website. The data was unencrypted and accessible via Google searches. This case shows the importance of protecting personal data to avoid hefty fines.
What happened
The company failed to encrypt applicant data, making it accessible through Google searches.
Who was affected
Job applicants who submitted their personal data through the company's online portal.
What the authority found
The authority fined the company for not securing personal data, violating GDPR's security requirements.
Why this matters
Businesses must ensure robust data protection measures to prevent unauthorized access and avoid significant fines under GDPR.
GDPR Articles Cited
The company accepted applications via an applicant portal integrated into its website. However, the data transmission was not encrypted. The storage of applicant data was also not encrypted and was not password protected. In addition, there was a link to Google for the unsecured applicant data, which meant that the application documents could be called up by anyone within the scope of a search of the applicant's name via Google. The German supervisory authority LfDI Baden-Württemberg fined EUR 100,000 the food craft company, because it had unlawfully processed personal data violating Article 5(1)(f) GDPR and it had not established an appropriate level of security, as required by Article 32 GDPR.
Related Enforcement Actions (0)
No other enforcement actions found for Food craft company (unknown) in DE
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Food craft company (unknown) - Germany (2019). Retrieved from cookiefines.eu
Last updated: