Appendix
A. Examples of the Coding Process
Original Description of Case |
Initial
Code |
Malpractice |
Cause |
||
Subcategory |
Category |
Subcategory |
Category |
||
The
Basketball Association transmitted personal data to third parties, which were
subsequently published on the Internet without consent of the data subjects.
In addition, the data protection authority found that the Basketball
Federation also disclosed personal data to a newspaper. |
Transfer personal data to third parties
without consent |
Unauthorized data transfer |
Data transfer |
Disregard for its obligations to obtain
informed consent |
Intrusive organizational measures |
The
cafe used CCTV cameras which also captured the public space outside resulting
in a violation of the so-called principle of data minimization. |
Use CCTV that also monitors the public
area |
Excessive data harvesting |
Data harvesting |
Intrusive use of surveillance systems |
Intrusive technical measures |
The
bank kept personal data of a data subject for several years, even after the
data subject was no longer a customer. The data was also accessible to bank
employees during this time. |
Retain personal data longer than
required |
Excessive data storage |
Data storage |
Inadequate digital forgetting mechanism |
Inadequate organizational measures |
Documents
containing personal data were disposed of in the area of the municipal
garbage dump. |
Dispose of documents containing personal
data without security measures |
Insecure data disposal |
Data disposal |
Inadequate technical measures to ensure
the security of data disposal |
Inadequate technical measures |