Skåne region – €17,600 Fine (Sweden, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Skåne region in Sweden was fined EUR 17,600 after an employee lost an unencrypted USB stick with sensitive data of nearly 2,000 people. The Swedish DPA found that the region didn't take enough steps to protect personal data. This case highlights the importance of encrypting sensitive information to prevent data breaches.
What happened
An employee of Skåne region lost an unencrypted USB stick containing sensitive personal data of nearly 2,000 people.
Who was affected
Nearly 2,000 people whose sensitive personal data was stored on the lost USB stick.
What the authority found
The Swedish DPA ruled that Skåne region failed to implement adequate measures to protect personal data, violating GDPR's security requirements.
Why this matters
This case emphasizes the need for organizations to use encryption and other security measures to protect sensitive data. It serves as a reminder for businesses to regularly review and update their data protection practices.
GDPR Articles Cited
The Swedish DPA has fined Skåne region EUR 17,600. An employee of the region had lost an unencrypted USB stick containing the social security numbers and sensitive personal data of nearly 2,000 people. The DPA found that the region had failed to implement adequate technical and organizational measures to protect personal data.
Related Enforcement Actions (0)
No other enforcement actions found for Skåne region in SE
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
26 April 2023
Authority
Integritetsskyddsmyndigheten
Fine Amount
€17,600
Enforcement Tracker ID
ETid-1787
About this data
Cite as: Cookie Fines. Skåne region - Sweden (2023). Retrieved from cookiefines.eu
Last updated: