On August 22, 2024, the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) published its interim report for 2024 in which it imposed fines totaling €130,000 for violations of the General Data Protection Regulation (GDPR) on various companies. 

Background to the decisions

The interim report contains fines imposed by the HmbBfDI up to and including July 2024 for non-compliance with deletion obligations, technical security gaps in customer service systems, delayed information from a debt collection company, and secret recordings in a private context, among other things.

Findings of the HmbBfDI

The total amount of fines collected by HmbBfDI up to July 2024 results from a total of 14 administrative offense proceedings. HmbBfDI imposed the following fines, among others: 

• €11,500 on an advertising company for violating its deletion obligations and technical security gaps in its IT system;
• €16,000 on a hotel for collecting and storing ID card data without a legal basis;
• two fines totaling €45,000 on companies whose support ticket systems had technical security gaps;
• €32,000 on a logistics company for incorrectly disposing of delivery lists;
• €6,000 on an online retailer for reporting a data breach significantly late;
• two fines imposed on police officers for carrying out official database queries for private purposes; and
• five fines imposed on private individuals for taking or storing photographs of people without their consent.

Outcomes

In light of the above, HmbBfDI imposed fines totaling €130,000 on various companies. 

You can read the press release, only available in German, here.