Details:
| Summary | According to the data protection authority, the company’s data protection officer was not sufficiently involved in the processing of personal data breaches and the company did not have a system in place to prevent a conflict of interest of the DPO, who also held numerous other positions within the company (head of compliance and audit department), which led the DPA to the conclusion that the company’s DPO was not able to work independently. |
| Link: | link |
| Related articles: | Art. 31 GDPR, Art. 58 GDPR, Art. 37 GDPR |
| Type: | Insufficient involvement of data protection officer |
| Fine: | EUR 50,000 |
| Sector | Media, Telecoms and Broadcasting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/