Brav s.r.l. – €10,000 Fine (Italy, 2022)

€10,000Garante per la protezione dei dati personali24 March 2022Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Italian data protection authority fined Brav s.r.l. EUR 10,000 after a data breach exposed personal data used by the Genoa Police. The breach happened because employees shared passwords, which the company should have managed better. This case shows the importance of strong password policies to protect sensitive data.

What happened

Brav s.r.l. was fined EUR 10,000 for a data breach caused by poor password management.

Who was affected

Individuals whose personal data was accessed through the Genoa Police's platform.

What the authority found

The authority found that Brav s.r.l. failed to implement adequate security measures, like regular password changes, to protect personal data.

Why this matters

This case highlights the critical role of effective password management in safeguarding data. Companies must ensure robust security practices to prevent unauthorized access, especially when handling sensitive information.

GDPR Articles Cited

Art. 32 GDPR
Art. 5(1)(f) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Brav s.r.l. actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 10,000 on Brav s.r.l.. The operator of the online platform had reported a data breach to the DPA pursuant to Art. 33 GDPR. Unauthorized persons had managed to access the platform used by the Genoa Police for the management of traffic violations, as well as the personal data contained therein. According to the City of Genoa, it was possible to gain unauthorized access to the platform due to the fact that certain employees had unauthorizedly disclosed the password for accessing the platform, in violation of official regulations. For this reason, the DPA found that the controller had failed to take appropriate technical and organizational measures to protect personal data. The controller should have ensured that passwords were changed regularly to prevent unauthorized persons from gaining access to personal data.

Related Enforcement Actions (0)

No other enforcement actions found for Brav s.r.l. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

24 March 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€10,000

Enforcement Tracker ID

ETid-1150

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Brav s.r.l. - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: