GDPR fine 1,2M euro to Health Insurance Company from LfDI Baden-Württemberg
The Baden-Württemberg data protection authority (‘LfDI Baden-Württemberg’) issued, on 30 June 2020, a decision (‘the Decision’) fining Allgemeine Ortskrankenkasse (‘AOK’) Baden-Württemberg €1,240,000 for unlawful data processing in a direct marketing context and insufficient internal technical and organisational privacy measures, which resulted in many data violations.
GDPR fine for Data Violations
In particular, Allgemeine Ortskrankenkasse AOK Baden-Württemberg organised several online lotteries and collected personal data of the participants as well as their health insurance affiliation. Moreover, the LfDI Baden-Württemberg held that with the help of technical and organisational measures, including internal guidelines and data protection training, AOK Baden-Württemberg had aimed to ensure that only data from those contestants who had previously given their effective consent were used for advertising purposes.
However, the LfDI Baden-Württemberg found that the measures defined by Allgemeine Ortskrankenkasse Baden-Württemberg did not meet the legal requirements and that as a result, the personal data of more than 500 competition participants were used without their consent for advertising purposes.
Furthermore, the LfDI Baden-Württemberg stated that the extensive internal reviews and adjustments of the technical and organisational measures, as well as constructive cooperation with the LfDI Baden-Württemberg were favourable factors when determining the fine pursuant to Article 83(4) of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’). In addition, the LfDI Baden-Württemberg considered the size and importance of AOK Baden-Württemberg when calculating the penalty.