Details:
| Summary | During an inspection, the supervisory authority reviewed a number of IT systems to examine whether Arp-Hansen had sufficient procedures in place to ensure that personal data were not kept longer than necessary for the purposes of collection. It was found that one of the reservation systems contained a large amount of personal data that should already have been deleted in accordance with the deletion deadlines set by Arp-Hansen itself. |
| Link: | link |
| Related articles: | Art. 5 (1) e) GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 147,800 |
| Sector | Accomodation and Hospitalty |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/