Civilstyrelsen – €13,400 Fine (Denmark, 2022)

€13,400 | Datatilsynet (Denmark) | 12 May 2022 | Denmark
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Danish agency Civilstyrelsen was fined EUR 13,400 for losing a USB stick with sensitive data. The stick wasn't encrypted, and the agency failed to report the breach. This case highlights the importance of securing data and reporting breaches promptly.

What happened

Civilstyrelsen lost an unencrypted USB stick containing sensitive information and failed to report the breach.

Who was affected

Individuals whose sensitive and confidential information was stored on the lost USB stick.

What the authority found

The Danish DPA found that Civilstyrelsen did not take necessary security measures like encryption and failed to report the data breach as required under GDPR.

Why this matters

This case emphasizes the need for organizations to implement strong data protection measures and report breaches. It serves as a reminder for businesses to encrypt sensitive data and have clear policies for data handling.

GDPR Articles Cited

Art. 32 GDPR
Art. 33 GDPR

Full Legal Summary

The Danish DPA has imposed a fine of EUR 13,400 on the Danish agency Civilstyrelsen. A Civilstyrelsen USB stick containing more than 800 pages of sensitive and confidential information had been lost. During its investigation, the DPA found that the USB stick was not encrypted. In addition, the agency did not have any policies for its employees on the use of removable and portable media. Moreover, the DPA found that despite being aware of this data breach, the agency had not reported the breach, contrary to its obligation under Art. 33 GDPR. The DPA concluded that the agency had not taken appropriate technical and organizational measures to protect personal data. Encryption of removable media, for example, is a necessary and required security measure, especially if the removable media contain sensitive information such as personal data.

Related Enforcement Actions (0)

No other enforcement actions found for Civilstyrelsen in DK

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

12 May 2022

Authority

Datatilsynet (Denmark)

Fine Amount

€13,400

Enforcement Tracker ID

ETid-1161

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Civilstyrelsen - Denmark (2022). Retrieved from cookiefines.eu
