Germany:
Data Protection Authority Issues First German Fine Under GDPR
16 January 2019
by
Laurent De Muyter
,
Undine Von Diemar
,
Olivier Haas
,
Jörg Hladjk
,
Bastiaan Kout
,
Jonathon Little
,
Martin Lotz
,
Hatziri Minaudier
,
Selma Olthof
,
Audrey Paquet
,
Sara Rizzon
,
Irene Robledo
,
Elizabeth A. Robertson
and
Rhys Thomas
Jones Day
To print this article, all you need is to be registered or login on Mondaq.com.
On November 21, the Data Protection Authority of
Baden-Württemberg issued the first fine under the GDPR in
Germany against a social media provider for violating data security
requirements (source document in German). The company had notified
the authority of a data breach after becoming aware that the
personal data of 330,000 users, including email addresses and
passwords, had been stolen during a hack. The authority determined
that the company violated data security obligations under Article
32 of the GDPR, for example by storing the passwords in clear text.
The authority imposed a modest fine of €20,000 and took into
account mitigating factors such as the company's willingness to
cooperate with the authority.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Privacy from Germany
EDPB Launches Website Auditing Tool
Harneys
The European Data Protection Board (EDPB) recently introduced a website auditing tool to improve compliance with the General Data Protection Regulation.
Online Safety Act Becomes Law
Venner Shipley
The UK Online Safety Act (the ‘Act'), heralded as a progressive step toward internet regulation, has become law amid significant concerns. The Act received Royal Assent on 26 October 2023...
At Long Last, The Much-Anticipated Amendment To The Turkish Data Protection Law Finds Its Place In The Official Gazette
Balcioglu Selçuk Ardiyok Keki Attorney Partnership
Data protection, personal data, amendment, GDPR, cross-border transfers, adequacy decision, appropriate safeguard, standard contractual clauses, special categories of personal data, Act No. 6698