The Italian DPA announces EUR 300,000 fine for unlawful processing of data in the context of handling COVID-19 bonuses

12.03.2021

On 9 March 2021, the Italian DPA (“Garante”) announced a fine of EUR 300,000 was imposed against the National Institute of Social Security (“INPS”) for failure to comply with data protection requirements in the context of the checks carried out by INPS regarding those who applied for COVID-19 bonuses.

In particular, Garante identified non-compliance with the lawfulness, transparency, accuracy, and accountability principles under GDPR, as well as with the requirement to carry out a data protection impact assessment.

The press release may be accessed here, and the decision here (both available only in Italian).

Tags:COVID-19Data Protection Impact AssessmentGaranteGDPR principlesUpdate

-                                        Number of fines
-                                        Highest fine
+,000 €
-                                        Lowest fine
+€
-                                        Total amount of fines
+,000 €
-                                        Number of corrective measures
-                                        Number of fines triggered by data breach notifications
-                                        Number of fines triggered by complaints
-                                        Legal provisions mentioned in press releases
+                                        Article 24 (1), Article 32 (1) b), d), (2) of GDPR, Article 18 (2) of Law 102/2005

Dismissal of the data protection officer

Minimum data protection checklist on future law on whistleblowing protection

Introducing NIS 2 – main things to know and follow

Iurie Cojocaru

Partner, Head of the Data Protection practice

Roxana Ionescu

(1981-2023)

Statistics

Subscribe to NNDKP’s newsletters

Statistics

More In the spotlight

Statistics

Subscribe to NNDKP’s newsletters