Latest Fines from around the EU, October 2019

Share Post:

EU data protection fines in october 2019
Table of Contents
    Add a header to begin generating the table of contents

    Here, we’ll cover the latest fines due to lack of data protection.

    Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

    2019-XX-XX        

    €15,150 – Unknown          

    Art. 33 GDPR     

    Insufficient fulfilment of data breach obligations – The data controller did not fulfil its data breach obligations when a flash memory with personal data was lost.

    Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

    2019-10-09         

    €150,000 – Raiffeisen Bank SA      

    Art. 32 GDPR     

    Insufficient technical and organisational measures to ensure information security – Employees had unauthorized access to customer data.

    Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)

    2019-10-09         

    20,000 – Vreau Credit SRL            

    Art. 32, Art. 33 GDPR     

    Insufficient technical and organisational measures to ensure information security – Employees had unauthorized access to customer data.

    (Greese) Hellenic Data Protection Authority (HDPA)

    2019-10-07         

    €200,000 – Telecommunication Service Provider  

    Articles 5(1)(c), 25 GDPR              

    Non-compliance with general data processing principles – A large number of customers were subject to telemarketing calls, although they had declared an opt-out for this. This was ignored due to technical errors.

    (Greese) Hellenic Data Protection Authority (HDPA)

    2019-10-07

    €200,000- Telecommunication Service Provider   

    Articles 21(3) and 25 GDPR         

    Non-compliance with general data processing principles – Inappropriate technical measures resulted in the data of 8,000 customers not being deleted upon request.

    Belgian Data Protection Authority (APD)

    2019-09-19

    €10,000 – Merchant          

    Art. 5 (1) c) GDPR            

    Non-compliance with general data processing principles – The Belgian data protection authority has imposed a fine of 10,000 euros on a merchant who wanted to use an electronic identity card (eID) to create a customer card. The DPA’s investigation revealed that the merchant required access to personal data located on the eID, including the photo and barcode which is linked to the data subject’s identification number.

    Polish National Personal Data Protection Office (UODO)

    2019-09-10         

    €644,780 – Morele.net    

    Art. 32 GDPR     

    Insufficient technical and organisational measures to ensure information security – The Polish data protection authority imposed a fine of over PLN 2.8 million (approx. €644,780) on Morele.net for insufficient organisational and technical safeguards, which led to unauthorised access to the personal data of 2.2 million people.

    Scroll to Top