News
πͺπΈ Garbage: Lack of data confidentiality, a club sanctioned
β οΈ Using a Document Shredder Can Prevent Penalties! β οΈ
Source : PS-00460-2024
π A Spanish football club fined for throwing personal data in the trash! ποΈπ
π The Facts
π
In October 2024, the AEPD sanctioned Club Rápido de Bouzas, a sports association in Vigo, for violating the GDPR.
π The local police discovered 1,444 player information forms, including many related to children, discarded in a public container near a stadium.
π Exposed Data:
• Names, surnames, addresses, phone numbers π
• Parental information π¨π©π§, photographs πΈ
• Copies of identity documents π and banking details π³
β Violations Identified
π΄ Breach of Article 5(1)(f) of the GDPR → Lack of confidentiality and failure to implement security measures.
π΄ Breach of Article 32 of the GDPR → No technical and organizational measures were in place to ensure data security.
π‘ Throwing away documents containing personal data without prior destruction is a GDPR violation!
βοΈ Penalty
π° €1,000 fine, reduced to €600 after immediate payment and acknowledgment of responsibility.
π AEPD Recommendation: Ensure proper data retention periods, as some records were kept far beyond the necessary timeframe.
π‘οΈ Best Practices to Avoid This Type of Fine
β
Always use a document shredder to dispose of paper files containing personal data.
β
Implement a data retention and destruction policy.
β
Train your teams on best practices for data protection.
β οΈ Negligence can be costly! π¨ Make sure you properly manage both paper and digital documents to avoid GDPR violations.