Details:
| Summary | The Italian DPA (Garante) has imposed a fine of EUR 40,000 on the municipality of Palermo. A data subject had filed a complaint with the Italian DPA against the municipality of Palermo. His complaint was based on the fact that his personal data from a food subsidy application he had submitted had been acquired by an unauthorized person and processed for his own purposes. As the DPA determined in the course of its investigations, such processing had occurred because the municipality had not implemented adequate technical and organizational measures to ensure the security and confidentiality of the processing. |
| Link: | link |
| Related articles: | Art. 5 (1) f) GDPR, Art. 25 GDPR, Art. 32 GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 40,000 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/