publishable_de_berlin_2019-05_databreach_summarypublic_0.pdf

Summary Final Decision Art 60
Data Breach Notification

No violation

Background information
Date of final decision: 3 April 2019
LSA: DE-Berlin
CSAs: DE-Lower Saxony, UK
Controller: AWIN AG
Legal Reference: Notification of a personal data breach to the supervisory authority (Article 33), Communication of a personal data breach to the data subject (Article 34)

Decision: No violation
Key words: Data breach

Summary of the Decision
Origin of the case
The controller reported a data breach to the LSA after some laptops were stolen. The laptops contained personal data of business partners, but the majority of the laptops had encrypted hard disks.

Findings
Only 4 laptops could have included personal data, 3 of which were located in Germany and one in the UK. The controller posted breach notifications online following the recommendations by the LSA as per Article 34(3)(c) GDPR.

Decision
The case was closed as the controller followed the recommendations of the LSA.

—
This text has been converted automatically from the PDF available via
https://edpb.europa.eu/our-work-tools/consistency-findings/register-for-article-60-final-decisions_en
using Apache Tika to allow for a better search. This might result in some characters being mangled.
Please see the original file for the official wording at
https://edpb.europa.eu/sites/edpb/files/article-60-final-decisions/summary/publishable_de_berlin_2019-05_databreach_summarypublic_0.pdf