The Danish data protection authority, Datatilsynet, fined Lejre Municipality DKK 50,000 for violations of the EU General Data Protection Regulation. The DPA found the municipality failed its obligations as a data controller after it was revealed citizens' information was uploaded to its staff portal. A large number of municipality employees had access to the information, which included data on citizens under the age of 18. (Original article is in Danish.)
If you want to comment on this post, you need to login.