Enforcement

Regulatory actions, fines, warnings, and enforcement decisions

Filtering by source: Data Protection Authority of Baden-Wuerttemberg (18 items)

Pizza delivery service: Non-compliance with general data processing principles

Data Protection Authority of Baden-Wuerttemberg

The DPA of Baden-Wuerttemberg has imposed a four-digit fine on a pizza delivery service. The controller had disposed of receipts containing customers' personal data at a public waste disposal site.

Private individual: Insufficient legal basis for data processing

Data Protection Authority of Baden-Wuerttemberg

The DPA in Baden-Wuerttemberg imposed a fine on a private individual for installing a motion tracker on the data subject's car without their consent.

Private individual: Insufficient legal basis for data processing

€2,000 fine - Data Protection Authority of Baden-Wuerttemberg

The DPA of Baden-Wuerttemberg has imposed a fine of EUR 2,000 on a clinic employee. The employee had unlawfully accessed a patient administration system in order to find out more about their new neighbor. This not only gave them access to personal details of the data subject, but also to medical information about them.

Police officer: Insufficient legal basis for data processing

€1,200 fine - Data Protection Authority of Baden-Wuerttemberg

The DPA of Baden-Wuerttemberg has imposed a fine of EUR 1,200 on a police officer. The officer had accessed data in police databases for private research purposes without a valid legal basis.

Private individual: Insufficient legal basis for data processing

Data Protection Authority of Baden-Wuerttemberg

Unlawful use of a dashcam

Surveyor: Insufficient legal basis for data processing

€5,000 fine - Data Protection Authority of Baden-Wuerttemberg

The DPA of Baden-Württemberg has imposed a fine of EUR 5,000 on a surveyor. The surveyor had used his authority to inspect the electronic land register to identify several hundred property owners in two cases without their knowledge and had passed on the relevant information to a property developer. The latter in turn contacted the identified owners. The DPA determined that both the surveyor and the developer had unlawfully processed the data of the property owners.

Property development company: Insufficient legal basis for data processing

€50,000 fine - Data Protection Authority of Baden-Wuerttemberg

The DPA of Baden-Württemberg has imposed a fine of EUR 50,000 on a property development company. The company had sent a letter to a property owner in which it made a purchase price offer for their property. The letter did not contain any information on the origin of the data. Even after the owner asked the company where the data had been obtained, the company did not reply. In the course of its investigation, the DPA discovered that a surveyor had made use of his authority to inspect the electro

Restaurant: €500 fine

€500 fine - Data Protection Authority of Baden-Wuerttemberg

The DPA from Baden-Württemberg imposed a fine of EUR 500 on a restaurant. The owner had disposed of a large quantity of Covid contact forms in the forest.

Debt collection company: Insufficient legal basis for data processing

Data Protection Authority of Baden-Wuerttemberg

The DPA from Baden-Württemberg has imposed a fine on a debt collection company. The debt collection company had received investor information from an employee of an insolvent company, which it used to offer its services to assist the affected investors with insolvency claims. However, the DPA found that the company had processed the data without the required legal basis. In addition, the debt collection company failed to provide the data subjects with necessary information, such as the origin of

Company: €20,000 fine

€20,000 fine - Data Protection Authority of Baden-Wuerttemberg

The DPA from Baden-Württemberg has imposed a fine of EUR 20,000 on a company. The company had developed a new office plan that took into account the vaccination status of its employees. For information purposes, the office plan showing the new occupancy was sent to the employees. Each employee was assigned a color (green, yellow or red) depending on their vaccination status. The DPA found that the color system allowed the disclosure of the vaccination status of all employees and was therefore un

Pharmacy: Non-compliance with general data processing principles

€6,500 fine - Data Protection Authority of Baden-Wuerttemberg

The DPA of Baden-Württemberg imposed a fine of EUR 6,500 on a pharmacy. The pharmacy had disposed of a large number of personal documents, including diagnoses and medical prescriptions of data subjects, in trash containers that were accessible to other people.

VfB Stuttgart 1893 AG: Non-compliance with general data processing principles

€300,000 fine - Data Protection Authority of Baden-Wuerttemberg

The DPA from Baden-Württemberg has imposed a fine of EUR 300,000 on the soccer club VfB Stuttgart 1893 AG for negligent breach of data protection accountability under Art. 5 (2) GDPR. However, the controller supported the DPA's investigation and clarification measures on its own initiative and cooperated extensively with the DPA.

Allgemeine Ortskrankenkasse ('AOK') (health insurance company): Insufficient technical and organisational measures to ensure information security

€1,240,000 fine - Data Protection Authority of Baden-Wuerttemberg

From 2015 to 2019, AOK Baden-Württemberg (insurance organization) organized competitions on various occasions and collected personal data of the participants, including their contact details and health insurance affiliation. The AOK also wanted to use this data for advertising purposes, provided the participants had given their consent. With the help of technical and organizational measures, including internal guidelines and data protection training, the AOK wanted to ensure that only data of th

Food company: Insufficient technical and organisational measures to ensure information security

€100,000 fine - Data Protection Authority of Baden-Wuerttemberg

The company had set up an applicant portal on its website where interested parties could submit their application documents online. However, the company did not offer an encrypted transmission of the data, nor did it store the applicant data in an encrypted or password-protected manner. In addition, the unsecured applicant data was linked to Google, so that anyone searching for the respective applicant names on Google could find their application documents and retrieve them without access restri

Police Officer: Insufficient legal basis for data processing

€1,400 fine - Data Protection Authority of Baden-Wuerttemberg

The police officer, using his official user ID but without reference to official duties, queried the owner data concerning the license plate of a person whom he did not know well via the Central Traffic Information System (ZEVIS) of the Federal Motor Transport Authority. Using the personal data obtained in this way, he then carried out a so-called SARS enquiry with the Federal Network Agency, in which he asked not only for the personal data of the injured parties but also for the home and mobile

Company in the financial sector: Insufficient technical and organisational measures to ensure information security

€80,000 fine - Data Protection Authority of Baden-Wuerttemberg

In an administrative decision dated 12 April 2019, the authority imposed a fine of 80,000 euros on a medium-sized financial services company. This company had failed to take the necessary care to preserve the integrity and confidentiality of information within the meaning of Art. 5 para. 1 lit. f GDPR when disposing of documents containing personal data of two customers. Thus, without prior anonymisation, the papers were disposed of in the general waste paper recycling system, where the document

GERMANY DPA: Insufficient technical and organisational measures to ensure information security

€80,000 fine - Data Protection Authority of Baden-Wuerttemberg

In a digital publication, health data was accidentally published due to inadequate internal control mechanisms.

Knuddels.de: Insufficient technical and organisational measures to ensure information security

€20,000 fine - Data Protection Authority of Baden-Wuerttemberg

After a hacker attack in July, personal data of approx. 330,000 users, including passwords and email addresses, had been revealed.