Gladsaxe Municipality fined DKK 100k

On 10/Mar/2020, Gladsaxe Municipality received a privacy fine of DKK 100,000. The enforcement authority (Danish Data Protection Agency) has cited these legal provisions in imposing the fine on Gladsaxe Municipality: Article 32 GDPR/ GDPR/

Essentials

Date of enforcement action:
10/Mar/2020
Jurisdiction: Fine imposed:
Denmark Flag for Denmark, which is the jurisdiction taking enforcement action DKK 100,000 (US$14,600)
Defendant company or entity: Industry segment:
Gladsaxe Municipality Government /

Case summary

In this case, the inadequate security controls of Gladsaxe Municipality caused a serious breach of the personal data security, when a computer containing personal data on 20,620 citizens, including information of sensitive nature and personal identification numbers, was stolen from Gladsaxe City Hall.

A fine was imposed because the computer in question was not protected by encryption, which was considered a reasonable precaution for Gladsaxe Municipality to take given its duties under the GDPR.

The fine represents a value of approximately EUR 0.70 (cents) per individual data subject impacted by the breach.

The situation came to light when Gladsaxe Municipality reported the data breach to the authorities.

(Danish Data Protection Agency)

Applicable legal provisions

Enforcement information

Enforcement authority: Type of enforcement action:
Danish Data Protection Agency Flag for Denmark, which is the jurisdiction taking enforcement action Penalty notice
Subject to appeal?
Not known

Cite this fine in your work

Data Privacy Fines Index. (2020-03-10 03:51) Gladsaxe Municipality fined DKK 100k. dataprivacyfines.com. Retrieved from https://privacyfines.com/fine/gladsaxe-municipality-fined-dkk-100k/

Entry last updated: 2020-04-11 04:06 GMT.