Details:
Summary | The Irish DPA has imposed a fine of EUR 100,000 on the nursing home operator VIEC Limited. The controller had notified the DPA of a data breach pursuant to Art. 33 GDPR. The controller had suffered a phishing attack in which an unauthorized third party gained access to an email account of a VIEC manager. As a result, the unknown third party also managed to access personal data such as health and biometric data of home residents. The DPA found this to be a breach of the principle of integrity and confidentiality. The DPA also found that the controller had failed to implement appropriate technical and organizational measures to protect personal data. |
Link: | link link |
Related articles: | Art. 5 (1) f) GDPR, Art. 32 (1) GDPR |
Type: | Non-compliance with general data processing principles |
Fine: | EUR 100,000 |
Sector | Industry and Commerce |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/