Details:
| Summary | The Italian DPA (Garante) has fined ICA s.r.l. EUR 30,000. The municipality of Collegno had implemented a system developed by ICA through which citizens could pay fines for traffic violations. However, due to a lack of security precautions, it was theoretically possible for unauthorized persons to access personal data stored via the program. For this reason, the DPA found that ICA had failed to implement appropriate technical and organizational measures providing a level of security commensurate with the risk posed to the data subject. |
| Link: | link |
| Related articles: | Art. 5 (1) f) GDPR, Art. 32 GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 30,000 |
| Sector | Industry and Commerce |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/