1.24M euro GDPR fine for German health insurer

1.24M euro GDPR fine in Germany

On June 25, 2020, the German state DPA (LfDI Baden-Württemberg) issued a 1.24 million euro fine to AOK Baden-Württemberg, the biggest health insurer in southwest Germany. The fine was issued for violating Article 32 of the General Data Protection Regulation (GDPR).

Lack of organizational and technical measures

From 2015 to 2019, the company organized sweepstakes and collected various personal information from participants, including their contact details and affiliation with the health insurance company. The AOK Baden-Württemberg then wanted to use the collected data for advertising purposes.

With the help of technical and organizational measures and internal guidelines, the AOK was confident it had ensured that only data from participants who had previously given consent was used for advertising purposes.

However, the measures defined by the AOK did not meet the legal requirements, and as a result, the data of 500 participants were used for advertising purposes without proper consent.

Why is the fine so high?

The AOK Baden-Württemberg is an important part of the German health system and the biggest health insurer in southwest Germany, with over 4.5 million insured and around 230,000 corporate customers. This factor influenced the DPA’s decision to issue a fine of such magnitude.

When defining the fine amount, circumstances like the size and importance of the AOK Baden-Württemberg were considered. Particular attention was also paid to the fact that it is an important part of the health system and that the AOK’s responsibility of maintaining and improving the insured’s health was not compromised. The challenges for the AOK due to the coronavirus pandemic were also given special consideration.

Conclusion

The State Commissioner for Data Protection and Freedom of Information, Dr. Stefan Brink, emphasized that “Data security is an ongoing task. Technical and organizational measures must be regularly adjusted to the actual circumstances to ensure an appropriate level of protection in the long term.”

With that in mind, the AOK carried out extensive internal reviews, adjusted its technical and organizational measures, and cooperated closely with the supervisory authority.

To stay current on GDPR fines, we recommend you check the GDPR tracker! You can also read the original press release in German.
