Original Description of Case

Initial Code

Malpractice

Cause

Subcategory

Category

Subcategory

Category

The Basketball Association transmitted personal data to third parties, which were subsequently published on the Internet without consent of the data subjects. In addition, the data protection authority found that the Basketball Federation also disclosed personal data to a newspaper.

Transfer personal data to third parties without consent

Unauthorized data transfer

Data transfer

Disregard for its obligations to obtain informed consent

Intrusive organizational measures

The cafe used CCTV cameras which also captured the public space outside resulting in a violation of the so-called principle of data minimization.

Use CCTV that also monitors the public area

Excessive data harvesting

Data harvesting

Intrusive use of surveillance systems

Intrusive technical measures

The bank kept personal data of a data subject for several years, even after the data subject was no longer a customer. The data was also accessible to bank employees during this time.

Retain personal data longer than required

Excessive data storage

Data storage

Inadequate digital forgetting mechanism

Inadequate organizational measures

Documents containing personal data were disposed of in the area of the municipal garbage dump.

Dispose of documents containing personal data without security measures

Insecure data disposal

Data disposal

Inadequate technical measures to ensure the security of data disposal

Inadequate technical measures