The Hellenic Data Protection Authority imposed a fine because this company did not inform data subjects that their data would be processed and stored on company servers, failed to impose technical measures to secure the processing of this data, and failed to separate the software from the data, possibly allowing companies outside the Aegean Marine Petroleum Group to access these servers and the personal data on those servers.

http://www.dpa.gr/APDPXPortlets/htdocs/documentDisplay.jsp?docid=205,136,113,56,60,108,243,88