Enforcement
EN ACTIVE ASSURANCES (car insurer): Insufficient technical and organisational measures to ensure information security
€180,000 fine - French Data Protection Authority (CNIL)
Content
Large amount of customer accounts, clients' documents (including copies of driver's licences, vehicle registration, bank statements and documents to determine whether a person had been the subject of a licence withdrawal) and data were easily accesible online. The CNIL, between others, critizised the password management (unauthorized access was possible without any authentication).
GDPR Articles: Art. 32 GDPR
Industry: Finance, Insurance and Consulting