Enforcement

Regulatory actions, fines, warnings, and enforcement decisions

Filtering by source: Estonian Data Protection Authority (AKI) (10 items)

Allium UPI: Insufficient technical and organisational measures to ensure information security

€3,000,000 fine - Estonian Data Protection Authority (AKI)

The Estonian DPA has imposed a fine of EUR 3,000,000 on Allium UPI. The controller failed to implement adequate technical and organisational measures to ensure data security. This resulted in a data breach involving the personal data of 750,000 individuals, including children and other vulnerable groups.

Asper Biogene OÜ: Insufficient technical and organisational measures to ensure information security

Estonian Data Protection Authority (AKI)

The Estonian DPA imposed a fine of EUR 85,000 on Asper Biogene OÜ. Asper Biogene OÜ suffered a data leak due to a lack of adequate security measures. The leak affected approximately 100,000 files containing personal, health and genetic data. Asper Biogene OÜ also appointed a member of the board of directors as DPO, resulting in a conflict of interest. A fine of EUR 80,000 was imposed for the inadequate security measures. The unlawful appointment of the DPO was fined EUR 5,000. ---UPDATE--- The T

Pere Sihtkapital SA: Insufficient technical and organisational measures to ensure information security

€30,000 fine - Estonian Data Protection Authority (AKI)

The Estonian DPA imposed a fine of EUR 30,000 on Pere Sihtkapital SA. The controller conducted a survey on childless families. In the process, the controller failed to take all the necessary technical and organizational measures to ensure the required level of data protection. Pere Sihtkapital SA appealed against the decision. The outcome and status of the appeal are unknown.

Südameapteegi e-apteek: Insufficient legal basis for data processing

€100,000 fine - Estonian Data Protection Authority (AKI)

The Estonian DPA (Andmekaitse Inspektsioon) fined three online pharmacies EUR 100,000 each for processing personal data without the consent of the data subjects. The data in question are prescriptions for medicines of the data subjects. Third parties were able to view another person's current prescriptions in the e-pharmacy environment without their consent, based only on access to their personal identification code. The DPA highlighted that while it must be possible to purchase prescription dru

Azeta.ee e-apteek: Insufficient legal basis for data processing

€100,000 fine - Estonian Data Protection Authority (AKI)

The Estonian DPA (Andmekaitse Inspektsioon) fined three online pharmacies EUR 100,000 each for processing personal data without the consent of the data subjects. The data in question are prescriptions for medicines of the data subjects. Third parties were able to view another person's current prescriptions in the e-pharmacy environment without their consent, based only on access to their personal identification code. The DPA highlighted that while it must be possible to purchase prescription dru

Apotheka e-apteek: Insufficient legal basis for data processing

€100,000 fine - Estonian Data Protection Authority (AKI)

The Estonian DPA (Andmekaitse Inspektsioon) fined three online pharmacies EUR 100,000 each for processing personal data without the consent of the data subjects. The data in question are prescriptions for medicines of the data subjects. Third parties were able to view another person's current prescriptions in the e-pharmacy environment without their consent, based only on access to their personal identification code. The DPA highlighted that while it must be possible to purchase prescription dru

Health care worker: Insufficient legal basis for data processing

€56 fine - Estonian Data Protection Authority (AKI)

Access to personal data in a health database for private research activities.

Police Officer: Insufficient legal basis for data processing

€48 fine - Estonian Data Protection Authority (AKI)

Access to personal data in a police database for private research activities.

Housing Association: Insufficient legal basis for data processing

€500 fine - Estonian Data Protection Authority (AKI)

Fine of EUR 500 against a housing association for publishing photos showing members of the association without their consent.