Enforcement
EN Poste Vita S.p.a.: Insufficient technical and organisational measures to ensure information security
€80,000 fine - Italian Data Protection Authority (Garante)
Content
The Italian DPA has imposed a fine on Poste Vita S.p.a. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a third party successfully tricking an employee into forwarding sensitive personal data, which was then used against the data subject.
GDPR Articles: Art. 5 (1) a), f) GDPR, Art. 33 (1) GDPR
Industry: Finance, Insurance and Consulting