Details:
| Summary | Companies outside the Aegean Marine Petroleum Group had access to its servers containing personal data and copied the contents of the servers, since Aegean Marine Petroleum failed to take the necessary technical measures to secure the processing of large amounts of data and to keep the relevant software separate from the personal data stored on the servers. Furthermore, Aegean Marine Petroleum had not informed the data subjects of the processing of their personal data stored on the servers. |
| Link: | link |
| Related articles: | Art. 5 GDPR, Art. 6 GDPR, Art. 32 GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 150,000 |
| Sector | Transportation and Energy |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/