Details:
Summary | The company had set up an applicant portal on its website where interested parties could submit their application documents online. However, the company did not offer an encrypted transmission of the data, nor did it store the applicant data in an encrypted or password-protected manner. In addition, the unsecured applicant data was linked to Google, so that anyone searching for the respective applicant names on Google could find their application documents and retrieve them without access restrictions. |
Link: | link |
Related articles: | Art. 5 GDPR, Art. 32 GDPR |
Type: | Insufficient technical and organisational measures to ensure information security |
Fine: | EUR 100,000 |
Sector | Accomodation and Hospitalty |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/