Details:
| Summary | The Danish DPA has imposed a fine of EUR 20,100 on the Danish Immigration Agency.
Media reports brought the DPA’s attention to possible logging errors in one of the agency’s IT systems, which could have an impact on the rights and freedoms of residents. The DPA consequently started an investigation at the agency. In spring and summer 2020, several security incidents occurred in the agency’s systems, resulting in the loss of data records. The loss of data led to proceedings being initiated against a number of residents regarding the reduction of their cash benefits, and a number of residents being reported to the police for non-compliance with the provisions of the Foreigners Act. During its investigation, the DPA found that a lack of technical and organizational measures allowed the incident to occur. For instance, the agency had not made adequate backups of the data processed, although this would have been necessary in view of the legal consequences a loss of the data could mean for the immigrants. |
| Link: | link |
| Related articles: | Art. 5 (1) f) GDPR, Art. 32 GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 20,100 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/