Berlin Commissioner for Data Protection and Freedom of Information
Final decision concerning the data breach reported by
We will close the case about the data breach reported by
According to our recommendations, the company has informed the 30 affected data subjects (seven
from Germany, four from France, four from Italy, seven from Sweden, four from Norway, one from
Finland, three from Austria) according to Art. 34 GDPR. The information was provided in the
respective national language.
We believe that the controller has taken adequate technical and organizational measures. Thus the
faulty function was immediately switched off until the correction (the download function of the
personal data was completely deactivated), later the functionality of the data export was again
activated, with regard to the details we refer to the answer of the company about the
countermeasures.
Consideration was also given to the fact that the data only reached a single data recipient, who
reported the error himself and was requested to delete the data.