Earlier this autumn, the Norwegian Data Protection Authority decided on an administrative fee for Bergen municipality because personal information in the communication system between school and home was not adequately secured. We have now given guidance to Vigilo that they too must take responsibility for the communication failure between the company and the municipality.
Bergen Municipality was fined NOK 3 million for breaches of personal data security due to poor routines for processing addresses where confidentiality is necessary (confidential address). The Norwegian Data Protection Authority has pointed out to Vigilo that those who process data have a duty under the GDPR to assist the municipality in ensuring compliance with the data processing agreement between the parties.
- As we see it, there has been a significant communication failure between Bergen municipality and Vigilo. We are also critical of the fact that the chat functionality that was made available was not part of the agreement between the municipality and Vigilo. This indicates poor communication between the parties for which Vigilo must bear the main responsibility, says Head of section Camilla Nervik.