Heilsuveru – €81,000 Fine (Iceland, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Heilsuveru was fined for not protecting personal data properly after a data breach occurred. This is significant because it shows that companies must take necessary steps to secure user information. The ruling serves as a warning for businesses to improve their data protection measures.
What happened
Heilsuveru failed to implement adequate security measures to protect personal data, leading to unauthorized access.
Who was affected
Individuals whose personal data was exposed during the data breach at Heilsuveru.
What the authority found
The authority determined that Heilsuveru did not take appropriate technical and organizational steps to safeguard personal data, violating GDPR.
Why this matters
This case underscores the importance of robust data security practices for companies. It sets a precedent that businesses can be penalized for inadequate protection of personal data.
GDPR Articles Cited
The Icelandic DPA has fined Heilsuveru EUR 81,000. The controller had reported a data breach to the DPA, as two unauthorized persons had managed to view personal data. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to protect personal data.
Related Enforcement Actions (0)
No other enforcement actions found for Heilsuveru in IS
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
3 July 2023
Authority
Persónuvernd
Fine Amount
€81,000
Enforcement Tracker ID
ETid-1940
About this data
Cite as: Cookie Fines. Heilsuveru - Iceland (2023). Retrieved from cookiefines.eu
Last updated: