Details:
| Summary | The Dutch DPA has imposed a fine of EUR 150,000 on International Card Services B.V. (ICS). ICS failed to carry out a data protection impact assessment before starting the digital identification of customers in the Netherlands in 2019. The identity check covered around 1.5 million people and involved sensitive personal data such as pictures of the data subjects. |
| Link: | link |
| Related articles: | Art. 35 GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 150,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/