Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Norway: Datatilsynet sends notification on NOK 2.5M fine to NIF for inadequate security procedures

The Norwegian data protection authority ('Datatilsynet') announced, on 7 December 2020, that it has sent to the Norwegian Sports Confederation ('NIF') a notice of an infringement fine amounting to NOK 2.5 million (approx. €236,000) following the disclosure of the personal data of 3.2 million Norwegians after an error that took place when testing a cloud solution. In particular, Datatilsynet highlighted that NIF had failed to implement sufficient technical and organisational measures, as well as security testing procedures. In addition, Datatilsynet noted that NIF had not implemented a risk assessment and that the processing of data was disproportionate in light of the purposes behind the processing. Moreover, Datatilsynet outlined that NIF had violated the principles of legality, data minimisation, and confidentiality enshrined in Article 5 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR').

Lastly, Datatilsynet stated that this is a notice of an infringement fine and that NIF has until 4 January 2021 to submit feedback before a final decision is taken. 

You can read the announcement here and the notice here, both only available in Norwegian. 

Feedback