Details:

Summary In October 2019, the Data Protection Authority was informed by the Municipality of Bergen about a data breach in connection with the municipality’s tool for communication between school and home called ‘Vigilo’. This tool contained a module that allowed school and parents to communicate via a portal or app but that had not been secured properly to ensure the protection of personal data against security threats.
Link: link
Related articles:  Art. 5 (1) f) GDPR, Art. 32 GDPR
Type: Insufficient technical and organisational measures to ensure information security
Fine: EUR 276,000
Sector Public Sector and Education

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law