Clio S.r.l. – €10,000 Fine (Italy, 2022)

€10,000Garante per la protezione dei dati personali21 July 2022Italy
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Italy fined Clio S.r.l. EUR 10,000 for mishandling data from a whistleblowing app. Clio shared sensitive information with clients without a valid reason and failed to keep proper records. This case warns companies to ensure they have a solid legal basis for data sharing and maintain accurate records.

What happened

Clio S.r.l. was fined for sharing whistleblowing data with clients without a valid legal basis and not keeping proper records.

Who was affected

Individuals who used Clio's whistleblowing reporting application.

What the authority found

The Italian DPA found Clio violated GDPR by sharing data without a valid legal basis and failing to maintain a processing activity register.

Why this matters

This fine highlights the importance of having a valid legal basis for data processing and maintaining accurate records. Companies using whistleblowing apps should review their data handling practices to avoid similar penalties.

GDPR Articles Cited

Art. 2-ter Codice della privacy GDPR
Art. 6(GDPR)
Art. 5(1)(a) GDPR
Art. 30(2) GDPR
Italy enforcementGarante per la protezione dei dati personali actionsAll Clio S.r.l. actions
Full Legal Summary
Detailed

The Italian DPA has imposed a fine of EUR 10,000 on Clio S.r.l.. Clio provides and manages a whistleblowing reporting application for various private and public entities. As part of its investigation, the DPA found that Clio had not adequately regulated its relationship with customers. In addition, Clio provided data on whistleblowing reports to customers without a valid legal basis. The DPA considered this to be a violation of Art. 5 (1) a) GDPR and Art. 6 GDPR. Further, the DPA found that Clio had failed to maintain a register of activity carried out in its role as a processor. The DPA considered this to be a violation of Art. 30 (2) GDPR.

Related Enforcement Actions (0)

No other enforcement actions found for Clio S.r.l. in IT

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

21 July 2022

Authority

Garante per la protezione dei dati personali

Fine Amount

€10,000

Enforcement Tracker ID

ETid-1463

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Clio S.r.l. - Italy (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: