Data Privacy Knowledge

Fine Against Debeka for Violating Data Protection Obligations

Debeka Pays 1.3 Million Euros Fines for Violating GDPR ​

The Debeka Krankenversicherungsverein a.G. (Debeka) insurance group accepted the fine of 1.3 million euros issued by the Commissioner for Data Protection and Freedom of Information – LfDI (Landesbeauftragten für den Datenschutz und die Informationsfreiheit) of the German state of Rhineland-Palatinate.

Debeka was fined due to a violation of data protection laws when processing personal data that the company had received from so-called tipsters. Tipsters provide insurance agents with names and contact information of people potentially looking to conclude a contract.

As a result of the data breach, the company policy on tipsters at Debeka has been amended. A monitoring process has been established so that disclosing addresses is only possible if the parties concerned give their formal consent.

As a result of this incident, Data Protection Officers at insurance companies must check whether and to what extent their company organizes and controls the addresses generated by tipsters. The fine against Debeka clearly shows that data protection compliance through corporate policies alone (without accompanying inspections) is not enough for the supervisory authorities. In addition, the LfDI initially aimed to prosecute the board members of Debeka, but refrained from doing so due to the company’s willingness to cooperate, which minimized the amount of the fine.

Debeka demonstrated exemplary crisis communication after learning of the incident. In addition to seamlessly providing information and joint statements to the LfDI, the company is making an extra €600,000 available to set up an endowed chair that will oversee the basic research for ensuring effective data protection and its implementation in practice.

Similar Blog Posts

10th Enterprise User Meeting of 2B Advice was a complete success! 10th Enterprise User Meeting of 2B Advice was a complete success!

2B Advice invited to a personal group user meeting of the data protection management solution 2B Advice PrIME for the first time in three years on October 13, 2022.

New EuroPriSe Experts New EuroPriSe Experts

2B Advice proudly announces that 15 experienced legal and technical privacy professionals have been admitted as EuroPriSe Experts recently.

Children's Data Protection Children's Data Protection

California is safeguarding children's online information from exploitation by corporations by introducing the Age Appropriate Design Code Act requesting a Privacy Impact Assessment.


Blog Categories