Hunton Andrews Kurth writes:
On April 15, 2019, the Greek Data Protection Authority (“DPA”) fined Hellenic Petroleum S.A. EUR 20,000 for unlawful processing of personal data and EUR 10,000 for failing to adopt appropriate data security measures.
Hellenic Petroleum S.A. had engaged a vendor to conduct a study on its behalf. The study was exposed online, and its results—which included sensitive data such as political opinions, trade union membership and participation in associations—was publicly accessible on the Internet.
Read more on Hunton Andrews Kurth.