Bergen Municipality

€170K($184K USD)final

Date Issued

2019-03-29

Regulation

GDPR

Authority

Norwegian Supervisory Authority (Datatilsynet)

Country

Norway

Violation Type

Failure to implement sufficient measures to ensure information security

Currency

EUR

Violation Summary

The municipality had employed insufficient security measures in protecting its computer systems. As a result, personal data related to more than 35.000 individuals became publicly accessible. In the case of a few schools, anyone could access information related to the staff, the pupils, and the employees of the school. Moreover, the municipality has received warnings about the weakness of its security measures before but chose not to do anything.

Articles Violated

Art. 5 (1) f) GDPRArt. 32 GDPR

View Source Document →

Other Fines for Bergen Municipality

Date	Regulation	Amount (USD)	Type
2020-09-03	GDPR	$298,080	Failure to implement sufficient measures to ensure information security
2020-09-03	GDPR	$298,080	Non-compliance with lawful basis for data processing
2019-03-29	GDPR	$183,600	Failure to implement sufficient measures to ensure information security