Details:

Summary The Italian DPA has imposed a fine of EUR 800,000 on NTT Data Italia S.P.A. The fine is related to the fine imposed on UniCredit (ETid-2227). UniCredit had contracted NTT to carry out vulnerability analyses and penetration tests. During its investigation, the DPA found that NTT had not notified UniCredit of a data breach in a timely manner. In addition, NTT had contracted another company to carry out vulnerability assessments and penetration tests without prior authorization from the bank as the data controller.
Link: link link
Related articles:  Art. 28 (2) GDPR, Art. 33 (2) GDPR
Type: Insufficient fulfilment of data breach notification obligations
Fine: EUR 800,000
Sector Industry and Commerce

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law