The Aegean Marine Petroleum Network Inc. failed to inform data subjects that they would have their data processed and stored on the servers. Moreover, the company failed to impose the necessary technical measures and secure the processing of such large amounts of data, while also failing to impose a separation between the relevant software and the data stored on the servers. As a result, companies outside the Aegean Marine Petroleum Group had access to these servers and, implicitly, to the personal data of data subjects, which they copied from the servers.
• Country: Greece
• Authority: Hellenic Data Protection Authority (HDPA)
• Fine: €150,000
• Organization Fined: Aegean Marine Petroleum Network Inc.
• Article Violated: Art. 5 GDPR, Art. 6 GDPR, Art. 32 GDPR
• Type: Failure to comply with data processing principles