Regulatory actions, fines, warnings, and enforcement decisions
Data Protection Authority of Brandenburg
The DPA of Brandenburg has imposed a three-figure fine on six private individuals. The individuals, who worked in a hospital, had accessed the medical records of a colleague who was undergoing treatment in the hospital at the time, without being involved in their treatment.
Data Protection Authority of Brandenburg
The DPA of Brandenburg has imposed a three-figure fine on a police officer. The police officer had used the telephone number of a person who had filed a criminal complaint for private contacts, although such contact was only intended for the purpose of obtaining further evidence.
Data Protection Authority of Brandenburg
The DPA of Brandenburg has imposed a three-figure fine on a fishing club due to the fact that lists of members' personal data such as first and last names, full addresses with telephone numbers, dates of birth and bank account details were freely accessible on their website.
Data Protection Authority of Brandenburg
The DPA of Brandenburg has imposed a five-figure fine on a company. The controller had posted a list of employees' sickness-related absences for the year 2022 in the employee break room. The list contained details of the days on which they were absent from work due to their own illness or the illness of their child. The table was displayed for four weeks and in some cases third parties such as suppliers also had access to the list.
Data Protection Authority of Brandenburg
The DPA of Brandenburg has imposed a five-figure fine on an aid organization. The aid organization provides transportation for people with illnesses. The organization had reported a data breach to the DPA in which data of data subjects had been published due to a hack. At the time of the attack, the controller's database contained more than 80,000 records with data that included information about the health status of the data subjects. During its investigation, the DPA found that the bank had fa
Data Protection Authority of Brandenburg
The DPA of Brandenburg has imposed a five-figure fine on a restaurant operator. During the Corona pandemic, the operator had required restaurant visitors to fill out forms with their name, address, telephone number and e-mail address for the purpose of contact tracing as required by law. However, there was no legal requirement to collect the e-mail address. Visitors were further required to check a box stating that they agreed to be contacted by the restaurant. However, the restaurant subsequent
Data Protection Authority of Brandenburg
The DPA of Brandenburg has imposed a five-digit fine on a bank. The bank had installed a video surveillance system that covered parts of the foyer of the branch with ATMs, the entrance area and the sidewalk and parking spaces in front of it. The transmission of the images as well as the commands to access the camera were carried out unencrypted via the Internet. The bank suffered a data breach in which unknown third parties compromised the video cameras and then posted the images on the Internet
Data Protection Authority of Brandenburg
The DPA of Brandenburg has imposed a five-digit fine on the operator of an outdoor swimming pool. The controller had processed more visitor data than legally required for contact tracing purposes in the context of the Covid pandemic.
Data Protection Authority of Brandenburg
The DPA of Brandenburg has imposed a four-digit fine on a doctor of child and adolescent psychotherapy. The doctor had set up a Whatsgroup with 230 participants to communicate their new office address. A mother of a former minor patient had filed a complaint with the DPA over this, because the doctor had not obtained consent for the group. All group members were disclosed the phone numbers of other members. In some cases, group members were able to draw conclusions that children from families kn
Data Protection Authority of Brandenburg
A police officer had unlawfully disclosed personal data of a drunk driving incident to the offender's mother during a chance encounter. He thought that the mother, as his employer, could prevent a repeat offense by withdrawing the offender's car. However, the mother constitutes an unauthorized third party, meaning that the police officer was not allowed to disclose the information. For this reason, the DPA of Brandenburg imposed a fine for a violation of ยง 32 (1) BbgDSG. The Brandenburg Data Pro
Data Protection Authority of Brandenburg
A police officer had unlawfully accessed data in a police database. For this reason, the DPA of Brandenburg imposed a fine for a violation of ยง 32 (1) BbgDSG. The Brandenburg Data Protection Act (BbgDSG) sets out the supplementary regulations necessary to adapt the GDPR.
Data Protection Authority of Brandenburg
The DPA of Brandenburg has imposed a fine on a real estate agent. The real estate agent had contacted an individual and offered him to sell a property he owned. Since the individual himself had not passed on his data to the real estate agent, he asked for information on the origin of the data and for the data to be deleted. The real estate agent informed the data subject that she had deleted the data. However, she did not comply with the data subject's right to access the data. Half a year later
Data Protection Authority of Brandenburg
The DPA of Brandenburg has imposed a fine on a company. An individual had filed a complaint with the DPA based on the fact that the company produced a video recording in which the complainant could be seen. The complainant then contacted the company and asked it to delete the video and to refrain from publishing it on the Internet. Nevertheless, the company published the video on its website as well as on several social networks. Moreover, even when the DPA asked the company to delete the video,
Data Protection Authority of Brandenburg
The DPA from Brandenburg imposed a three-digit fine on a company employee. The individual had sent an Excel spreadsheet with employee data of 56 employees to her private e-mail address from her official computer, although this was not necessary for her official activities. For this reason, the DPA determined that the employee had unlawfully transferred the other employees' data. The spreadsheet included, in addition to the full names of the employees, an overview of vacation days already taken a
Data Protection Authority of Brandenburg
A police officer had accessed data in a police database for private research purposes. The police officer queried the investigation process of a friend against the background of a judicial hearing. Via WhatsApp, he shared what information he had become aware of through his unauthorized retrievals. For this reason, the DPA of Brandenburg imposed a fine for a violation of ยง 32 (1) BbgDSG. The Brandenburg Data Protection Act (BbgDSG) sets out the supplementary regulations necessary to adapt the GDP
Data Protection Authority of Brandenburg
The DPA of Brandenburg imposed a fine on a physician. The father of a minor patient had filed a complaint with the DPA because the physician had transmitted numerous data on his child to a central billing office. The data included information on the child's name, address, date of birth, health insurance number, medical services provided and diagnoses made. The physician had passed on the data without the parents' consent and thus without a valid legal basis.
Data Protection Authority of Brandenburg
The DPA of Brandenburg has imposed a three-digit fine on a company employee. The employee had forwarded application documents received by his employer from his work e-mail address to his private e-mail address without authorization in order to get suggestions for the design of his own applications. He had not previously anonymized the resumes, so they continued to include all of the applicants' personal and professional data. Since sending the application documents to his private e-mail address
Data Protection Authority of Brandenburg
The operator of a ballet school had published photos of underage students on their website and Facebook page without the consent of the legal guardians.
Data Protection Authority of Brandenburg
A medical assistant at a doctor's office stored a patient's telephone number in her mobile phone and then contacted him for private purposes.
โฌ50,000 fine - Data Protection Authority of Brandenburg
The data controller had engaged an external company to carry out the duties of access to data according to Art. 15 GDPR. However, the engaged company conducted the correspondence with the data subjects under its own logo and in English language, so that it was not apparent to the data subjects who was responsible for the data processing. As a result, the data controller infringed the principle of transparency laid down in Art. 12 GDPR and did not sufficiently fulfil its obligations to provide in