Result of the resolution: Warning
Security measures must be determined by taking into account the risks arising from the loss or unauthorised access to data (among others). In the present case, it has been proven that the person responsible for the processing of the data concerned did not take appropriate technical and organisational measures to ensure their safety (thinking to prevent unauthorised persons from accessing these data).