Giulio Coraggion of DLA Piper writes:
The first GDPR fine was issued in Italy by the Garante for the lack of implementation of privacy security measures following a data breach on the so-called Rousseau platform operating the websites of the Movimento 5 Stelle party.
The fact of the case relating to the Rousseau platform
Several websites affiliated to the Italian political party Movimento 5 Stelle are run, through a data processor, through the platform named Rousseau. The platform had suffered a data breach during summer 2017 that led the Italian data protection authority, the Garante, to require the implementation of many security measures, in addition to the obligation to update the privacy information notice to give additional transparency to the data processing activities performed.
Read more on Privacy Matters.