Ica s.r.l.: Insufficient technical and organisational measures to ensure information security

The Italian DPA (Garante) has fined ICA s.r.l. EUR 30,000. The municipality of Collegno had implemented a system developed by ICA through which citizens could pay fines for traffic violations. However, due to a lack of security precautions, it was theoretically possible for unauthorized persons to access personal data stored via the program. For this reason, the DPA found that ICA had failed to implement appropriate technical and organizational measures providing a level of security commensurate with the risk posed to the data subject.

GDPR Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR
Industry: Industry and Commerce