|Date of enforcement action:|
|Greece||EUR 150,000 (US$165,000)|
|Defendant company or entity:||Industry segment:|
|Aegean Marine Petroleum Network Inc||Transport /|
The respondent company, Aegean Marine Petroleum Network Inc, was a controller in respect of personal data (mostly employee data) held on a corporate server. The respondent company caused its server to be copied and transfered to the United Kingdom by other companies (apparently service companies). In doing so, the respondent company did not apply the principles and safeguards of the GDPR, including with regard to separating out personal data from corporate or business data. In addition, the respondent company could not identify a clear legal basis upon which it held the personal data records and had not made the relevant data subjects aware of such processing. The respondent company claimed that the copying of data was necessary for malware detection and that its legal basis was legitimate interest. These claims were rejected.
As a result, on 19 December 2019, the Hellenic Data Protection Authority fined Aegean Marine Petroleum Network Inc EUR 150,000.
(Hellenic Data Protection Authority)
|Enforcement authority:||Type of enforcement action:|
|Hellenic Data Protection Authority||Penalty notice|
|Subject to appeal?|
Cite this fine in your work
Data Privacy Fines Index. (2019-12-19 05:31) Aegean Marine Petroleum Network Inc fined EUR 150k. dataprivacyfines.com. Retrieved from https://dataprivacyfines.com/fine/aegean-marine-petroleum-network-inc-fined-eur-150k/
Entry last updated: 2020-01-28 05:37 GMT.