Regulatory actions, fines, warnings, and enforcement decisions
Data Protection Authority of Bremen
The DPA in Bremen has imposed a fine on a company. The controller had stored an applicant's application documents after the application process for the purpose of further retention for the purpose of considering the applicant for future vacancies but had not obtained consent from the applicant in question.
Data Protection Authority of Bremen
The DPA of Bremen has imposed a fine on a clinic for transmitting an unredacted treatment report on the psychiatric treatment of the data subject to an accident insurance fund without a valid legal basis.
Data Protection Authority of Bremen
The DPA of Bremen has imposed a fine on the operator of an online dating platform. The controller had not provided an email verification procedure for registration on its dating platform. This resulted in a third party being able to register on the portal using the email address of the data subject.
Data Protection Authority of Bremen
The DPA of Bremen has imposed ten fines between EUR 100 and EUR 1,000 on police officers for unlawfully accessing police databases.
Data Protection Authority of Bremen
The DPA of Bremen has imposed a fine on a company. The controller had installed video cameras in the offices and monitored employees before, during and after their working hours as well as customers without authorization over a period of two years.
Data Protection Authority of Bremen
The DPA of Bremen has imposed a fine on a company. The controller had stored the contact details of former employees without their prior consent in order to contact them in the future to offer them further job opportunities.
Data Protection Authority of Bremen
The DPA of Bremen has imposed five fines on a real estate agency. The controller had repeatedly sent advertising messages to a former prospect and tried to contact them by telephone, even after the data subject had asked for their data to be deleted.
Data Protection Authority of Bremen
The DPA of Bremen has imposed five fines on website operators for using the tracking tool 'Google Analytics' without the prior consent of website users.
โฌ1,900,000 fine - Data Protection Authority of Bremen
The DPA of Bremen has imposed a fine of EUR 1.9 million on the housing association BREBAU GmbH. BREBAU GmbH had processed upwards of 9,500 datasets about potential tenants without a valid legal basis. In particular, the DPA found that the controller had processed particularly sensitive data as defined by Art. 9 GDPR. For example, the controller unlawfully processed information about the skin color, ethnic origin, religious affiliation, sexual orientation and health status of the data subjects. B
Data Protection Authority of Bremen
The DPA of Bremen has imposed a five-digit fine on a company. The company had sent an unredacted social plan to all affected employees in the context of dismissals due to operational reasons, resulting in the disclosure of personal data contained therein, such as date of birth, age, marital status, number of dependent children, function in the company, severe disability, etc., to all employees. The DPA found that such extensive disclosure of personal data was unlawful due to the lack of a legal
Data Protection Authority of Bremen
The DPA of Bremen has imposed a five-digit fine on a company. The company had transferred the pay slips of its employees without their consent to another company, which was to continue to employ the employees in the future. The DPA considered the fact that a high double-digit number of employees were affected as an aggravating factor.
Data Protection Authority of Bremen
The DPA of Bremen has imposed a fine on a medical care center for having scanned a customer's ID card against their will and stored the copy. Once the customer complained, they were threatened with termination of the customer relationship. In assessing the fine, the DPA took into account the fact that the ID card had been scanned against the explicit objection of the data subject.
Data Protection Authority of Bremen
The DPA of Bremen has imposed a fine on a supermarket. A store detective had taken a photo of the data subject on the occasion of an alleged theft and transmitted it via the messenger service WhatsApp to the manager, the store manager and two closing staff members, allegedly to enforce house rules but without a sufficient legal basis.
Data Protection Authority of Bremen
The DPA of Bremen imposed a fine on a company for failing to respond to a data subject's request for access to their data in a timely manner.
Data Protection Authority of Bremen
The DPA of Bremen imposed a fine on a private individual. The individual who worked in a restaurant, had contacted a restaurant visitor privately using the contact information they had provided, which was required for a restaurant visit during the Covid 19 pandemic.
Data Protection Authority of Bremen
The DPA from Bremen has fined a company for failing to inform the DPA pursuant to Art. 33 GDPR that an employee's business email account had been hacked.
Data Protection Authority of Bremen
The DPA of Bremen imposed a fine on a physician for failing to respond to a data subject's request for access to their data in a timely manner.
Data Protection Authority of Bremen
The DPA of Bremen imposed a fine on a physician for using a patient's contact details to contact them privately without their consent.
Data Protection Authority of Bremen
The DPA of Bremen imposed a fine on a physician for transmitting patient's data to a billing office without their consent.
Data Protection Authority of Bremen
The DPA of Bremen has imposed a five-digit fine on a company. The controller had unlawfully used GPS software in its company vehicles, allowing unrestricted monitoring of its employees over a long period oftime. The DPA found that such extensive monitoring was not necessary and therefor unlawful.
Data Protection Authority of Bremen
The DPA of Bremen imposed a fine on a private individual. The individual, who worked at a Covid19 testing center, had contacted a patient privately using the contact details the patient had provided for their Covid-test
Data Protection Authority of Bremen
The DPA of Bremen has imposed a three-digit fine on a company. The company offered its applicants an online application procedure on its website without informing users about the processing of their personal data.