Company – €2,500 Fine (Belgium, 2022)

€2,500Autorité de Protection des Données23 August 2022Belgium
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Belgian company was fined €2,500 for not protecting personal data on its digital platform. The platform allowed a roommate to see private information about another person without permission. This case shows the importance of securing personal data on digital platforms.

What happened

The company failed to protect personal data on its digital management platform, allowing unauthorized access.

Who was affected

The complainant, whose personal data was accessed by their roommate without consent, was affected.

What the authority found

The privacy authority found the company did not have proper measures to protect personal data, leading to unauthorized access.

Why this matters

This case highlights the necessity for companies to implement strong data protection measures to prevent unauthorized access. It serves as a reminder to review security practices regularly.

GDPR Articles Cited

Art. 5(1)(d) GDPR
Art. 5(2) GDPR
Art. 24(1) GDPR
Art. 32(1) GDPR
Belgium enforcementAutorité de Protection des Données actionsAll Company actions
Full Legal Summary
Detailed

The Belgian DPA has imposed a fine of EUR 2,500 on a company. The company operates a digital management platform where suppliers and customers can communicate and upload administrative documents. An individual, who is not themselves a member of the platform, had filed a complaint with the DPA. Since the complainant's roommate is a member of the platform, the complainant asked them to upload the joint water bill, which was in the complainant's name. The platform recognized the complainant's name and sent the roommate an invitation to connect with additional companies through the platform where the complainant was a customer. Although the roommate did not accept the invitation, they were able to view various data concerning the complainant. The DPA found that the company had failed to implement appropriate technical and organizational measures to protect personal data, in order, for example, to prevent easy access to third-party data.

Related Enforcement Actions (2)

Other enforcement actions involving Company in BE

Fine
Apr 2022· Autorité de Protection des Données

The data subject is a former managing director of the controller. When the data subject was dismissed, he deleted the data on the work laptop before h...

€8K
Current
Aug 2022

Fine

€3K

Fine
Apr 2025· Autorité de Protection des Données

The Belgian DPA imposed a fine of EUR 20,000 on a company. The controller is a company engaging in direct marketing activities. During those activies ...

€20K

Details

Fine Date

23 August 2022

Authority

Autorité de Protection des Données

Fine Amount

€2,500

Enforcement Tracker ID

ETid-1655

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Company - Belgium (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: