Dedalus Italia S.p.A. – €32,000 Fine (Italy, 2026)

€32,000Garante per la protezione dei dati personali26 February 2026Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Dedalus Italia S.p.A. was fined €32,000 for not securing an employee portal, which allowed unauthorized access to personal data. This is significant because it highlights the importance of data security measures.

What happened

Dedalus failed to implement adequate security measures during maintenance of its employee portal, leading to data breaches.

Who was affected

Employees of the portal's users were affected as their personal data was improperly accessed.

What the authority found

The Italian DPA ruled that Dedalus violated GDPR rules by not ensuring proper security for personal data.

Why this matters

This ruling underscores the need for companies to prioritize data security. Businesses must take necessary steps to protect personal information from unauthorized access.

GDPR Articles Cited

AI-verified

Art. 32(GDPR)
View original scraped data
Art. 32(GDPR)

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 157 Codice Privacy
Source verified 29 April 2026
national law identified
Italy enforcementGarante per la protezione dei dati personali actionsAll Dedalus Italia S.p.A. actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 32,000 on Dedalus Italia S.p.A. The controller, who operates an employee portal used in the healthcare sector, carried out maintenance work on the application, but failed to implement adequate technical and organisational security measures. This resulted in employees of the portal's users being able to access the personal data of their colleagues that they should not have been able to access.

Related Enforcement Actions (0)

No other enforcement actions found for Dedalus Italia S.p.A. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

26 February 2026

Authority

Garante per la protezione dei dati personali

Fine Amount

€32,000

Enforcement Tracker ID

ETid-3124

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Dedalus Italia S.p.A. - Italy (2026). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: