Viking Line Oy Abp – €230,000 Fine (Finland, 2022)

€230,000Tietosuojavaltuutetun toimisto9 December 2022Finland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Viking Line Oy Abp was fined EUR 230,000 for not properly informing employees about how their personal data was used and for storing health data incorrectly. They also failed to give a former employee access to their health records. This case stresses the importance of clear communication and proper data handling.

What happened

Viking Line Oy Abp did not inform employees about data processing and stored health data incorrectly.

Who was affected

Employees whose personal and health data were processed by Viking Line Oy Abp.

What the authority found

The Finnish DPA ruled that Viking Line Oy Abp violated GDPR by failing to inform employees about data processing and mishandling health data.

Why this matters

This highlights the critical need for companies to be transparent about data processing and to ensure data is stored correctly. Businesses should review their data handling and communication practices to avoid similar issues.

GDPR Articles Cited

AI-verified

Art. 13 GDPR
Art. 5(1)(a) GDPR
Art. 5(1)(d) GDPR
Art. 12(3) GDPR
Art. 15(1) GDPR
View original scraped data
Art. 5(1)(a) GDPR
d) GDPR
Art. 12(3) GDPR
Art. 13 GDPR
Art. 15(1) GDPR
Art. 25(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
articles corrected
date discrepancy
Finland enforcementTietosuojavaltuutetun toimisto actionsAll Viking Line Oy Abp actions
Full Legal Summary
Detailed

The Finnish DPA has imposed a fine of EUR 230,000 on Viking Line Oy Abp. A former employee had filed a complaint with the DPA. During its investigation, the DPA found that the controller had not complied with the data subject's request for access to their health data and that some of the medical data had been stored incorrectly. The DPA also found that the medical data was stored with other personal data, although such storage is unlawful. Furthermore, the DPA found that the controller had not properly informed its employees about the processing of their personal data, contrary to its obligation under Art. 13 GDPR.

Related Enforcement Actions (0)

No other enforcement actions found for Viking Line Oy Abp in FI

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

9 December 2022

Authority

Tietosuojavaltuutetun toimisto

Fine Amount

€230,000

Enforcement Tracker ID

ETid-1526

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Viking Line Oy Abp - Finland (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: