ISWEB S.p.A. – €40,000 Fine (Italy, 2022)

€40,000Garante per la protezione dei dati personali7 April 2022Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

ISWEB S.p.A. was fined EUR 40,000 for not properly managing data in a whistleblower system. They failed to give clear instructions to an external provider about handling personal data. This case shows the importance of clear communication and responsibility when using third-party services.

What happened

ISWEB S.p.A. failed to provide specific instructions to an external provider for handling data in a whistleblower system.

Who was affected

Users of the whistleblower system provided by ISWEB S.p.A. to a healthcare facility.

What the authority found

The Italian DPA found that ISWEB did not adequately instruct the external provider on data processing, violating GDPR requirements.

Why this matters

This case highlights the need for companies to ensure third-party providers are properly instructed on data handling to avoid GDPR violations.

GDPR Articles Cited

Art. 28 GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll ISWEB S.p.A. actions
Full Legal Summary
Detailed

The Italian DPA imposed a fine of EUR 40,000 on ISWEB S.p.A.. The fine is related to a fine against the healthcare facility Azienda ospedaliera di Perugia. ISWEB had provided the healthcare facility with the web application for its whistleblower system. During an investigation at the healthcare facility, the DPA identified multiple GDPR violations related to the whistleblower system. The DPA's investigation took place as part of a series of inspections addressing whistleblower system data processing at employers. In relation to ISWEB, the DPA found that they had used an external provider to host the whistleblower systems. However, ISWEB failed to provide the external provider with specific instructions for the processing of data subjects' data, as well as to inform the health care facility of the same.

Related Enforcement Actions (0)

No other enforcement actions found for ISWEB S.p.A. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

7 April 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€40,000

Enforcement Tracker ID

ETid-1160

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. ISWEB S.p.A. - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: