Company – €20,000 Fine (Lithuania, 2023)

€20,000Valstybine duomenu apsaugos inspekcija20 April 2023Lithuania
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Lithuanian company was fined EUR 20,000 after a data breach exposed personal data of 50,000 people. The company didn't have proper security measures, like access controls and data retention policies, to protect this information. This case highlights the importance of securing personal data to avoid breaches and penalties.

What happened

A company suffered a data breach that exposed personal data of 50,000 people due to inadequate security measures.

Who was affected

The personal data of 50,000 individuals were compromised in the breach.

What the authority found

The Lithuanian DPA found the company failed to implement necessary technical and organizational measures to protect personal data, violating GDPR requirements.

Why this matters

This fine underscores the need for companies to have strong security measures in place to protect personal data. It serves as a warning that failing to do so can lead to significant penalties.

GDPR Articles Cited

Art. 5(1)(e) GDPR
Art. 32(1)(b) GDPR
Lithuania enforcementValstybine duomenu apsaugos inspekcija actionsAll Company actions
Full Legal Summary
Detailed

The Lithuanian DPA has fined a company EUR 20,000. The company had suffered a data breach in which personal data of 50,000 data subjects were compromised. During its investigation, the DPA found that the company had failed to implement appropriate technical and organizational measures to protect personal data. These included the lack of adequate access controls and authentication of IT system administrators in the controller's information systems. Also, the DPA found that the company failed to set an appropriate retention period for personal data.

Related Enforcement Actions (2)

Other enforcement actions involving Company in LT

Fine
Jan 2023· Valstybine duomenu apsaugos inspekcija

The Lithuanian DPA has fined a company EUR 8, 000. The controller failed ot properly fulfil the data subject's right to access their personal data pro...

€8K
Current
Apr 2023

Fine

€20K

Fine
Jan 2025· Valstybine duomenu apsaugos inspekcija

The Lithuanian DPA has imposed a fine of EUR 12,000 on a company providing vehicle history check services. The controller refused a data subject's req...

€12K

Details

Fine Date

20 April 2023

Authority

Valstybine duomenu apsaugos inspekcija

Fine Amount

€20,000

Enforcement Tracker ID

ETid-1973

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Company - Lithuania (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: