Region of Tuscany – €10,000 Fine (Italy, 2022)

€10,000Garante per la protezione dei dati personali10 February 2022Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Region of Tuscany accidentally published personal data of over 3,500 job applicants online. This breach resulted in a fine for not protecting people's information properly. Organizations should double-check their data handling processes to avoid such mistakes.

What happened

The Region of Tuscany mistakenly published personal data of 3,548 job applicants online.

Who was affected

The affected individuals were applicants for administrative assistant positions whose personal data was exposed.

What the authority found

The Italian data protection authority fined the Region of Tuscany for failing to protect personal data, violating GDPR's requirements for lawful processing and data security.

Why this matters

This incident highlights the importance of careful data management and security measures, especially when handling sensitive information. Organizations should ensure robust processes are in place to prevent accidental data exposure.

GDPR Articles Cited

Art. 2-ter Codice della privacy GDPR
Art. 5 GDPR
Art. 6 GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Region of Tuscany actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 10,000 on the Region of Tuscany. The region had notified the DPA of a data breach pursuant to Art. 33 GDPR. The region stated that it had inadvertently published personal data of 3,548 applicants for administrative assistant positions. The data concerned information that the applicants had shared as part of a pre-selection test for the application. The region had mistakenly published a URL through which personal data and the results of the test could be viewed.

Related Enforcement Actions (1)

Other enforcement actions involving Region of Tuscany in IT

Current
Feb 2022

Fine

€10K

Fine
May 2022· Garante per la protezione dei dati personali

The Italian DPA has imposed a fine of EUR 16,000 on the Region of Tuscany. The region had published documents on its website containing information on...

€16K

Details

Fine Date

10 February 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€10,000

Enforcement Tracker ID

ETid-1100

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Region of Tuscany - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: