The Company failed to implement technical and organisational measures to protect personal data during the implementation of a new customer portal; the customer financial information in the portal was deemed low risk by the Company, resulting in insufficient testing before the launch of the portal and unauthorized access to 500 other customers’ personal data (name, email, telephone number, loan information, and social security number).
#gdpr #dataprivacy
