Data Protection Academy » Data Protection News » Swedish Data Protection Agency imposed first fine

Data breakdown school Sweden

Swedish Data Protection Agency imposed first fine

Date: 22.08.2019

Responsible body: School in Skelleftea (Sweden)

Type of data breach: Face recognition school in Skelleftea

Data breach at a school in Sweden: The Swedish Data Protection Agency said it had issued its first fine for a breach of the GDPR against a school in Skelleftea that had been testing facial recognition to register student attendance. The authority investigated the three-week pilot for 22 students and found that the school board's handling of personal data. does not comply with the GDPR. As a result, the Swedish Data Protection Authority imposed its first data protection fine of SEK 200,000.

Categories of data concerned: biometric data (face recognition)

Classification in practice: Biometric data belong to the category of highly sensitive data. If these data are processed, the DSGVO must be observed. External advice from a data protection officer is also recommended.

Fines: 200,000 SEK

Country: Sweden

SourceInternational Association of Privacy Professionals

Back to the overview of the data breaches

Book demo

Caroline Schwabe
Latest posts by Caroline Schwabe (see all)

This might interest you too:

Erasure concept according to the GDPR

Samples, templates and examples for your GDPR erasure concept according to DIN 66398. Automatically create the erasure concept.
Read more

Record of processing activities

List of processing activities according to Art. 30 GDPR. Explained step by step with extensive information. Data protection made easy.
Read more

Technical organisational measures (TOMs)

All information on the technical organisational measures according to the GDPR. What do responsible parties have to observe during implementation and documentation?
Read more