Details:

Summary The data protection authority finds that the company has not taken adequate technical and organisational measures to ensure an adequate level of information security. This applies in particular to the collection and transmission of copies of customers’ identification documents via WhatsApp.
Link: link
Related articles:  Art. 32 GDPR
Type: Insufficient technical and organisational measures to ensure information security
Fine: EUR 5,000
Sector Finance, Insurance and Consulting

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law