Details:
| Summary | The Swedish DPA has imposed a fine of EUR 43,000 on Indecap AB.
The controller had accidentally sent an email to a large number of its customers containing an Excel document including a report with personal data of other customers. The document cotained information on social security numbers, e-mail addresses, information on selected funds, etc. of more than 52,000 individuals. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to protect personal data, allowing such an incident to occur. |
| Link: | link link |
| Related articles: | Art. 32 (1) GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 43,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/