Details:
| Summary | The Hellenic DPA imposed a fine of EUR 50,000 on the Athens Urban Transport Organization. As part of its investigation, the DPA found that the controller had failed to comply with the principle of data protection by design and by default. It also failed to carry out a data protection impact assessment and to set appropriate retention periods for the storage of personal data. |
| Link: | link |
| Related articles: | Art. 5 (1) e) GDPR, Art. 25 (1) GDPR, Art. 35 (1) GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 50,000 |
| Sector | Transportation and Energy |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/