Skip to content
News
EN

IP (Slovenia) - 0609-36/2026/7

GDPRhub

Content

The DPA fined a company operating an online store €1,198 following a data breach caused by an employee downloading an unlicensed software. English Summary. Facts. A company (the controller) operates an online store. An employee of the controller used a pirated and unlicensed software when creating the website. This software contained malicious code, which allowed a third person to access the controller’s customer database. The third person accessed data subjects’ full names, addresses, contact information, and order information. It is unclear whether the DPA initiated an ex-officio investigation on the controller, or if it originated from a complaint. Holding. The DPA found a violation of Article 32, as the controller failed to implement appropriate technical and organisational measures to ensure security of processing. The DPA stated that the employee committed the violation while performing their duties and acting on behalf of the controller. Therefore, the controller was responsible

Related across sources

Similar Content