Bank – €50,000 Fine (Germany, 2022)

€50,000Bundesbeauftragter für den Datenschutz1 January 2022Germany
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A German bank was fined €50,000 for not securing its video surveillance system, leading to a data breach. The bank's cameras were hacked, and footage was leaked online. This incident shows the importance of encrypting data and having agreements with service providers to protect privacy.

What happened

A bank's video surveillance system was hacked, leaking footage online due to inadequate security measures.

Who was affected

People captured by the bank's video surveillance system, including those in the foyer, entrance, and surrounding areas.

What the authority found

The data protection authority found the bank failed to secure its video surveillance system and did not have proper agreements with service providers, violating GDPR's security requirements.

Why this matters

This case highlights the necessity for businesses to encrypt data and establish clear agreements with service providers to prevent breaches. It serves as a reminder to review and strengthen security measures for surveillance systems.

GDPR Articles Cited

Art. 32 GDPR
Art. 28(3) GDPR
Germany enforcementBundesbeauftragter für den Datenschutz actionsAll Bank actions
Full Legal Summary
Detailed

The DPA of Brandenburg has imposed a five-digit fine on a bank. The bank had installed a video surveillance system that covered parts of the foyer of the branch with ATMs, the entrance area and the sidewalk and parking spaces in front of it. The transmission of the images as well as the commands to access the camera were carried out unencrypted via the Internet. The bank suffered a data breach in which unknown third parties compromised the video cameras and then posted the images on the Internet. They were also able to control the cameras to a limited extent. During its investigation, the DPA found that the bank had failed to implement adequate technical and organizational measures to protect personal data, which facilitated such a breach. In addition, the DPA found that the bank failed to enter into a processing agreement with its processors, that also had access to cameras and images.

Related Enforcement Actions (1)

Other enforcement actions involving Bank in DE

Current
Jan 2022

Fine

€50K

Court Ruling
Feb 2022· DPA FGMnchen

In 2019, the data subject, a bank, received a letter from the controller, the tax authority, informing it of a number of investigation results and ann...

Details

Fine Date

1 January 2022

Authority

Bundesbeauftragter für den Datenschutz

Fine Amount

€50,000

Enforcement Tracker ID

ETid-1794

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Bank - Germany (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: