This is an HTML version of an attachment to the Freedom of Information request 'Information on Board's minutes & cross border cases'.

Berlin Commissioner for Data Protection and Freedom of Information 
Final decision concerning the data breach reported by
 
 
We will close the case about the data breach reported by 
According to our recommendations, the company has informed the 30 affected data subjects (seven 
from Germany, four from France, four from Italy, seven from Sweden, four from Norway, one from 
Finland, three from Austria) according to Art. 34 GDPR. The information was provided in the 
respective national language. 
 
We believe that the controller has taken adequate technical and organizational measures. Thus the 
faulty function was immediately switched off until the correction (the download function of the 
personal data was completely deactivated), later the functionality of the data export was again 
activated, with regard to the details we refer to the answer of the company about the 
countermeasures. 
 
Consideration was also given to the fact that the data only reached a single data recipient, who 
reported the error himself and was requested to delete the data.