Region of Lombardy – €20,000 Fine (Italy, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Region of Lombardy was fined for disclosing employee personal data during the sale of company shares. This case is significant because it shows that organizations must protect personal information, especially during business transactions.
What happened
The Region of Lombardy unlawfully disclosed personal data of employees during the sale of company shares.
Who was affected
Employees whose personal data, including income and employment information, was disclosed in a draft contract.
What the authority found
The Garante ruled that the Region of Lombardy violated data protection rules by unlawfully disclosing personal information.
Why this matters
This ruling underscores the importance of safeguarding personal data during business activities. Companies should implement strict data protection measures to prevent unauthorized disclosures.
GDPR Articles Cited
The Italian DPA has imposed a fine of EUR 20,000 on the Region of Lombardy. In the context of the sale of company shares held by the Region, personal data of the companies' employees was unlawfully disclosed. Employees discovered that when they entered their first name and surname in a search engine, a link appeared to the draft contract between the Region and the acquiring company, which contained employees' personal data such as income and employment information.
Related Enforcement Actions (0)
No other enforcement actions found for Region of Lombardy in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
26 October 2023
Authority
Garante per la protezione dei dati personali
Fine Amount
€20,000
Enforcement Tracker ID
ETid-2149
About this data
Cite as: Cookie Fines. Region of Lombardy - Italy (2023). Retrieved from cookiefines.eu