Lolland municipiality – €6,700 Fine (Denmark, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Lolland municipality in Denmark was fined for not securing an employee's work phone with a password. This led to a data breach when the phone was stolen, exposing personal information like social security numbers and health data. The case highlights the importance of basic security measures like password protection for devices handling sensitive information.
What happened
An employee's work phone without a password was stolen, exposing sensitive personal data.
Who was affected
Citizens whose names, social security numbers, and health data were stored on the employee's phone.
What the authority found
The Danish DPA found that Lolland municipality failed to implement necessary security measures to protect personal data.
Why this matters
This case underscores the need for organizations to ensure all devices accessing sensitive data are secured with basic protections like passwords. It serves as a reminder for businesses to review their security policies to prevent similar breaches.
GDPR Articles Cited
The Danish DPA has imposed a fine of EUR 6,700 on Lolland municipiality. The municipality had reported a data breach to the DPA in accordance with Art. 33 GDPR. One of the municipality's employees had their work phone stolen. The employee used the phone to access their work email account which contained information on the names of several citizens, social security numbers and health data. During its investigation, the DPA found that the phone was not protected by a password. Therefore, it was possible to access the information stored on the phone. The DPA concluded that this incident had occurred due to the municipality's failure to take sufficient technical and organizational measures to protect personal data. The municipality should have ensured, at least, that each employee secured their cell phone with a password.
Related Enforcement Actions (0)
No other enforcement actions found for Lolland municipiality in DK
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
11 August 2022
Authority
Datatilsynet (Denmark)
Fine Amount
€6,700
Enforcement Tracker ID
ETid-1330
About this data
Cite as: Cookie Fines. Lolland municipiality - Denmark (2022). Retrieved from cookiefines.eu
Last updated: