Company – €8,900 Fine (Germany, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German company was fined EUR 8,900 for failing to secure its online customer database. The database was only protected by a long web address, without passwords or other security measures. This highlights the need for robust security practices to protect customer data.
What happened
A company left its customer database online with inadequate security, relying only on a long URL.
Who was affected
Customers whose data was stored in the inadequately protected online database.
What the authority found
The authority found the company's security measures insufficient under GDPR, leading to a fine.
Why this matters
This case emphasizes the importance of implementing strong security measures like password protection to safeguard customer data, setting a precedent for data protection expectations.
GDPR Articles Cited
The DPA of Niedersachsen imposed a fine of EUR 8,900 on a company. The company had a customer database on the Internet with thousands of entries. During its investigation, the DPA found that the only access protection the company had implemented was a long-form web address but not additional measures such as password-protected access. The controller relied on the fact that the web would not become known.
Related Enforcement Actions (20)
Other enforcement actions involving Company in DE
Fine
€9K
Details
Fine Date
1 January 2022
Authority
Bundesbeauftragter für den Datenschutz
Fine Amount
€8,900
Enforcement Tracker ID
ETid-1886
About this data
Cite as: Cookie Fines. Company - Germany (2022). Retrieved from cookiefines.eu
Last updated: