VIEC Limited – €100,000 Fine (Ireland, 2022)

€100,000Data Protection Commission22 December 2022Ireland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

VIEC Limited, a nursing home operator, was fined EUR 100,000 by the Irish DPA after a phishing attack exposed residents' sensitive data. The DPA found that VIEC failed to protect personal data adequately. This case emphasizes the need for strong cybersecurity measures to protect sensitive information.

What happened

VIEC Limited suffered a phishing attack that led to unauthorized access to residents' health and biometric data.

Who was affected

Residents of the nursing home operated by VIEC Limited, whose sensitive personal data was accessed.

What the authority found

The Irish DPA fined VIEC Limited for not implementing adequate security measures to protect personal data, violating GDPR's integrity and confidentiality principles.

Why this matters

This ruling highlights the critical importance of robust cybersecurity practices in protecting sensitive data. Businesses should ensure they have strong defenses against phishing and other cyber threats.

GDPR Articles Cited

Art. 5(1)(f) GDPR
Art. 32(1) GDPR
Ireland enforcementData Protection Commission actionsAll VIEC Limited actions
Full Legal Summary
Detailed

The Irish DPA has imposed a fine of EUR 100,000 on the nursing home operator VIEC Limited. The controller had notified the DPA of a data breach pursuant to Art. 33 GDPR. The controller had suffered a phishing attack in which an unauthorized third party gained access to an email account of a VIEC manager. As a result, the unknown third party also managed to access personal data such as health and biometric data of home residents. The DPA found this to be a breach of the principle of integrity and confidentiality. The DPA also found that the controller had failed to implement appropriate technical and organizational measures to protect personal data.

Related Enforcement Actions (0)

No other enforcement actions found for VIEC Limited in IE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

22 December 2022

Authority

Data Protection Commission

Fine Amount

€100,000

Enforcement Tracker ID

ETid-1564

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. VIEC Limited - Ireland (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: