Postel S.p.A. – €900,000 Fine (Italy, 2024)
€900,000Garante per la protezione dei dati personali4 July 2024Italy
final
ePrivacy
Fine
The case involved a ransomware attack leading to unauthorized access and publication of sensitive employee data, unrelated to cookies or consent mechanisms.
GDPR Articles Cited
AI-verified
Art. 25 GDPR
Art. 25 GDPRData protection by design and by default: organisations must build privacy protections into their systems from the start.Art. 5(1)(f) GDPR
Art. 5(1)(f) GDPRCore data protection principles: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and accountability.Art. 33(3) GDPR
Art. 33(3) GDPRBreach notification to the authority: personal data breaches must be reported to the supervisory authority within 72 hours.View original scraped data
Art. 5(1)(f) GDPR
Art. 25 GDPR
Art. 33(3) GDPR
Original data from scraper before AI verification against source document.
Source verified 5 March 2026
national law identified
scope corrected
Full Legal Summary
The case involved a ransomware attack leading to unauthorized access and publication of sensitive employee data, unrelated to cookies or consent mechanisms.
Related Enforcement Actions (0)
No other enforcement actions found for Postel S.p.A. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
4 July 2024
Authority
Garante per la protezione dei dati personali
Fine Amount
€900,000
GDPRhub ID
gdprhub-8508About this data
Cite as: Cookie Fines. Postel S.p.A. - Italy (2024). Retrieved from cookiefines.eu
Report Inaccuracy
Last updated: