Legal Entity: Insufficient technical and organisational measures to ensure information security

The Slovenian DPA has imposed a fine of EUR 5,020 on a legal entity. The controller had developed an application that allowed the exchange of personal data, but failed to implement technical measures to protect the programming interface when switching from the test environment to the production environment. This resulted in a data breach affecting approximately 100,000 users. The entity was fined EUR 4,820, and the person responsible was fined EUR 200.

GDPR Articles: Art. 32 GDPR
Industry: Not assigned