Lazio Region – €100,000 Fine (Italy, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Lazio Region was fined €100,000 for keeping outdated personal data and failing to inform people about how their data was used. This happened after a woman received a letter meant for her deceased daughter. The case highlights the importance of keeping data accurate and providing clear information to individuals.
What happened
Lazio Region kept outdated personal data and failed to inform individuals about data processing practices.
Who was affected
The affected individuals were people whose personal data was inaccurately maintained by Lazio Region, including a deceased person's data.
What the authority found
The Italian DPA found that Lazio Region violated data protection principles by not updating personal data and failing to provide necessary information to individuals.
Why this matters
This case underscores the need for organizations to regularly update personal data and ensure transparency in their data practices. It serves as a reminder for businesses to maintain accurate records and communicate clearly with individuals about data use.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Italian DPA has imposed a fine of EUR 100,000 on Lazio Region. An individual had filed a complaint with the DPA because she had received an invitation from the regional health authority to participate in the cervical cancer screening program that was addressed to her daughter, who died in 1995. During its investigation, the DPA discovered that the daughter's data was still in the region's database even though she had already died. For this reason, the DPA found that the Region had violated the principles of accuracy and correctness. As the owner of the data, the Region should have ensured that the personal information was accurate and updated as necessary, and taken all reasonable steps to delete or correct the information it used in a timely manner. In addition to the above, the Garante also found that the Region had not properly provided data subjects with the required information about the processing of their personal data when sending out the invitation letters for a cervical cancer screening campaign. In imposing the fine, the DPA took into account, as an aggravating factor, that the Region had already received a fine.
Related Enforcement Actions (0)
No other enforcement actions found for Lazio Region in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
15 September 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€100,000
Enforcement Tracker ID
ETid-1423
About this data
Cite as: Cookie Fines. Lazio Region - Italy (2022). Retrieved from cookiefines.eu
Last updated: