Restaurant – Fine (Germany, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A German restaurant improperly disposed of guest registration forms used for Covid-19 contact tracing, leaving them in a public dumpster. The investigation revealed that the restaurant also failed to secure these forms during operation. This incident serves as a reminder to businesses to handle personal data with care and implement proper security measures.
What happened
The restaurant disposed of guest registration forms in a publicly accessible dumpster.
Who was affected
Guests who filled out registration forms for Covid-19 contact tracing.
What the authority found
The authority found that the restaurant failed to protect personal data by not implementing adequate security measures.
Why this matters
This case highlights the importance of securing personal data, especially during public health efforts. Businesses should ensure data is stored and disposed of securely to protect customer privacy.
GDPR Articles Cited
A restaurant had disposed of 120 completed guest registration forms for contact tracing purposes during the Covid-19 pandemic in a publicly-accessible dumpster. During its investigation, the DPA also found that already during the restaurant's operation, the restaurant had not implemented adequate safeguards to protect the data processed during the guest registration process. For example, the completed guest registration forms were kept in an adjoining room accessible to all employees without special security measures, such as a locked cabinet.
Related Enforcement Actions (4)
Other enforcement actions involving Restaurant in DE
Fine
Details
Fine Date
1 January 2021
Authority
Bundesbeauftragter für den Datenschutz
Enforcement Tracker ID
ETid-1349
About this data
Cite as: Cookie Fines. Restaurant - Germany (2021). Retrieved from cookiefines.eu
Last updated: