Asper Biogene OÜ: Insufficient technical and organisational measures to ensure information security

The Estonian DPA imposed a fine of EUR 85,000 on Asper Biogene OÜ. Asper Biogene OÜ suffered a data leak due to a lack of adequate security measures. The leak affected approximately 100,000 files containing personal, health and genetic data. Asper Biogene OÜ also appointed a member of the board of directors as DPO, resulting in a conflict of interest. A fine of EUR 80,000 was imposed for the inadequate security measures. The unlawful appointment of the DPO was fined EUR 5,000. ---UPDATE--- The Tartu County Court overturned the DPA's decision. The DPA has appealed against the court's decision.

GDPR Articles: Unknown
Industry: Health Care