University of Agder: Insufficient technical and organisational measures to ensure information security

The Norwegian DPA has fined the University of Agder (UiA) EUR 12,700. An employee of UiA had discovered that documents containing personal data of employees, students and external individuals were stored in open Microsoft Teams foldersand that employees with no business need were able to access them. During its investigation, the DPA found that UiA had failed to implement appropriate technical and organisational measures to protect personal data.

GDPR Articles: Art. 32 GDPR, Art. 24 GDPR
Industry: Public Sector and Education