Aid organization – €50,000 Fine (Germany, 2022)

€50,000Bundesbeauftragter für den Datenschutz1 January 2022Germany
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

An aid organization in Germany was fined for not protecting sensitive health data, leading to a data breach. This is important because it shows the need for strong security measures to protect personal information.

What happened

An aid organization's inadequate security measures led to a data breach exposing health information.

Who was affected

Individuals whose health data was stored in the aid organization's database.

What the authority found

The authority fined the organization for failing to secure personal data and not having proper agreements with data processors.

Why this matters

This case underscores the necessity for organizations to implement robust security measures and proper contracts with service providers to protect sensitive data.

GDPR Articles Cited

Art. 32 GDPR
Art. 28(3) GDPR
Germany enforcementBundesbeauftragter für den Datenschutz actionsAll Aid organization actions
Full Legal Summary
Detailed

The DPA of Brandenburg has imposed a five-figure fine on an aid organization. The aid organization provides transportation for people with illnesses. The organization had reported a data breach to the DPA in which data of data subjects had been published due to a hack. At the time of the attack, the controller's database contained more than 80,000 records with data that included information about the health status of the data subjects. During its investigation, the DPA found that the bank had failed to take adequate technical and organizational measures to protect personal data, which allowed such a breach to occur. In addition, the DPA found that the bank had failed to conclude a processing agreement with its processors.

Related Enforcement Actions (0)

No other enforcement actions found for Aid organization in DE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

1 January 2022

Authority

Bundesbeauftragter für den Datenschutz

Fine Amount

€50,000

Enforcement Tracker ID

ETid-1797

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Aid organization - Germany (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: