Aegean Marine Petroleum Network Inc fined EUR 150k

Essentials

Date of enforcement action:
19/Dec/2019
Jurisdiction: Fine imposed:
Greece Flag for Greece, which is the jurisdiction taking enforcement action EUR 150,000 (US$165,000)
Defendant company or entity: Industry segment:
Aegean Marine Petroleum Network Inc Transport /

Case summary

The respondent company, Aegean Marine Petroleum Network Inc, was a controller in respect of personal data (mostly employee data) held on a corporate server. The respondent company caused its server to be copied and transfered to the United Kingdom by other companies (apparently service companies). In doing so, the respondent company did not apply the principles and safeguards of the GDPR, including with regard to separating out personal data from corporate or business data. In addition, the respondent company could not identify a clear legal basis upon which it held the personal data records and had not made the relevant data subjects aware of such processing. The respondent company claimed that the copying of data was necessary for malware detection and that its legal basis was legitimate interest. These claims were rejected.

As a result, on 19 December 2019, the Hellenic Data Protection Authority fined Aegean Marine Petroleum Network Inc EUR 150,000.

(Hellenic Data Protection Authority)

Applicable legal provisions

Enforcement information

Enforcement authority: Type of enforcement action:
Hellenic Data Protection Authority Flag for Greece, which is the jurisdiction taking enforcement action Penalty notice
Subject to appeal?
Not known

Cite this fine in your work

Data Privacy Fines Index. (2019-12-19 05:31) Aegean Marine Petroleum Network Inc fined EUR 150k. dataprivacyfines.com. Retrieved from https://dataprivacyfines.com/fine/aegean-marine-petroleum-network-inc-fined-eur-150k/

Entry last updated: 2020-01-28 05:37 GMT.