Italian Data Protection Authority (Garante)-Ministero dell'Ambiente e della Sicurezza Energetica (9/28/2023)

Details:

Summary	The Italian DPA has imposed a fine of EUR 5,000 on Ministero dell’Ambiente e della Sicurezza Energetica. The controller had published a document on its website that contained numerous data, including employee health data, without a valid legal basis. The document was publicly accessible for 16 days.
Link:	link
Related articles:	Art. 5 (1) a), c) GDPR, Art. 6 (1) c), e) GDPR, Art. 9 GDPR, Art. 2-ter Codice della privacy, Art. 2-sexies Codice della privacy, Art. 2-septies (8) Codice della privacy
Type:	Non-compliance with general data processing principles
Fine:	EUR 5,000
Sector	Public Sector and Education

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law