
1.24M euro GDPR fine for German health insurer

1.24M euro GDPR fine in Germany

On June 25, 2020, the German state DPA (LfDI Baden-Württemberg) issued a 1.24 million euro fine to AOK Baden-Württemberg, the biggest health insurer in southwest Germany. The fine was issued for a violation of Article 32 of the General Data Protection Regulation (GDPR).

Lack of organizational and technical measures

From 2015 till 2019, the company organized sweepstakes and collected various personal information from participants, including their contact details and affiliation with the health insurance company. The AOK Baden-Württemberg then wanted to use the collected data for advertising purposes.

With the help of technical and organizational measures and internal guidelines, the AOK was confident it had ensured that only data from participants who had previously given consent was used for advertising purposes.

However, the measures defined by the AOK did not meet the legal requirements, and as a result the data of 500 participants was used for advertising purposes without proper consent.

Why is the fine so high?

The AOK Baden-Württemberg is an important part of the German health system and the biggest health insurer in southwest Germany, with over 4.5 million insured and around 230,000 corporate customers. This was definitely a factor that influenced the DPA's decision to issue a fine of such magnitude.

When defining the amount of the fine, circumstances like the size and importance of the AOK Baden-Württemberg were taken into consideration. Particular attention was also paid to the fact that it is an important part of the health system and that the AOK's responsibility of maintaining and improving the health of the insured was not compromised. The current challenges for the AOK due to the current corona pandemic were also given special consideration.

Conclusion

The State Commissioner for Data Protection and Freedom of Information Dr. Stefan Brink emphasized that “Data security is an ongoing task. Technical and organizational measures must be regularly adjusted to the actual circumstances in order to ensure an appropriate level of protection in the long term.”

With that in mind, AOK carried out extensive internal reviews and adjustments of its technical and organizational measures and demonstrated a high level of cooperation with the supervisory authority.

To stay up to date on GDPR fines, we recommend you check the GDPR tracker. You can also read the original press release in German.
