Failure to define the criteria for processing the data of certain categories of applicants for the “Covid bonus”, use of unnecessary information in relation to the control purposes, use of incorrect or incomplete data, inadequate assessment of privacy risks.
These are the reasons why the Italian Data Protection Authority ordered to a data controller to pay a fine of €300,000 for multiple violations of the GDPR Regulation committed during the anti-fraud investigations carried out by a social security institute regarding the so-called “Covid bonus”.
