The EDPB issues a release on the Finnish DPA having investigated Viking Line Oy Abp’s activities after a former employee complaint that him and others had not received all their personal data being stored in the company’s systems despite their request. It emerged that Viking Line has been holding employees health data in an HR system for 20 years. As a result of its investigation, the Finnish DPA imposed an administrative fine of EUR 230,000 on Viking Line for several violations of data protection laws, reprimanded the cruise company, and ordered it to correct its practices and inform its employees of the processing of their personal data as required by the GDPR. Find out more here.