Comune di Venezia: Non-compliance with general data processing principles

The Italian DPA has imposed a fine of EUR 10,000 on the Comune di Venezia. The controller implemented a tourist tax, which includes exceptions for certain groups of visitors. When determining whether a person was entitled to be excluded from the tourist tax, the controller's data processing did not comply with the basic principles of the GDPR.

GDPR Articles: Art. 5 (1) a), b), c), e), f) GDPR, Art. 6 (1) e), (3) GDPR, Art. 25 GDPR, Art. 32 GDPR
Industry: Public Sector and Education