Lithuanian DPA imposes fine for improperly processed personal data of the parents of an adopted child

The Lithuania data protection authority (DPA) has fined the city of Vilnius for infringements of the EU’s General Data Protection Regulation (GDPR). A fine in the amount of EUR 15,000 has been imposed for improperly processed personal data of the parents of an adopted child. The decision states that when processing the e-mail address of the third party (one of the biological parents of the child) as the contact data of the applicant, the Municipality Administration has failed to implement appropriate organisational and technical measures; thus, failing to ensure the principle of accuracy of processed personal data and breached Articles 5(1)(d) and 5(1)(f) of the GDPR.