Details:
Summary | As the UWV (the Dutch employee insurance service provider – ‘Uitvoeringsinstituut Werknemersverzekeringen’) did not use multi-factor authentication when accessing the online employer portal, security was inadequate. Employers and health and safety services were able to collect and display health data from employees in an absence system. |
Link: | link |
Related articles: | Art. 32 GDPR |
Type: | Insufficient technical and organisational measures to ensure information security |
Fine: | EUR 900,000 |
Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/