National Revenue Agency
€28K($30K USD)final
Date Issued
2019-09-03
Regulation
Authority
Data Protection Commission of Bulgaria (KZLD)
Country
Bulgaria
Violation Type
Non-compliance with lawful basis for data processing
Currency
EUR
Violation Summary
The National Revenue Agency was fined with €28,100 because of the unlawful processing of personal data of a private individual. The personal data of the individual was unlawfully collected and used in an enforcement case against them in order to recover a tax debt of €86,000. The National Revenue Agency also collected bank account data of the affected individual from the Bulgarian National Bank. The Bulgarian DPA argued that this data was collected unlawfully by the National Revenue Agency. This is one of the very rare cases where a DPA fines a government institution for the unlawful processing of personal data.
Articles Violated
Art 6 (1) GDPRArt 58 (2) e) GDPRArt 83 (5) a) GDPR
Other Fines for National Revenue Agency
| Date | Regulation | Amount (USD) | Type |
|---|---|---|---|
| 2019-09-03 | GDPR | $30,348 | Non-compliance with lawful basis for data processing |
| 2019-08-28 | GDPR | $2,808,000 | Failure to implement sufficient measures to ensure information security |
| 2019-08-28 | GDPR | $2,808,000 | Failure to implement sufficient measures to ensure information security |