Not disclosed
€3K($3K USD)final
Date Issued
2019-03-04
Regulation
Authority
Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)
Country
Hungary
Violation Type
Non-compliance with subjects' rights protection safeguards
Currency
EUR
Violation Summary
The financial institution refused the data erasure request of a customer, arguing that it was in the institution’s best interests to retain the phone number, given that the customer had debts. However, the NAIH argued that the creditor could communicate with the debtor by post, and the phone number was unnecessary. The financial institution had broken the data minimization and purpose limitation principles. A fine was issued equal to 0.025% of the institution’s annual net revenue.
Articles Violated
Art. 5 (1) b) GDPRArt. 5 (1) c) GDPRArt. 13 (3) GDPRArt. 17 (1) GDPRArt. 6 (4) GDRP
Other Fines for Not disclosed
| Date | Regulation | Amount (USD) | Type |
|---|---|---|---|
| 2019-04-17 | GDPR | $10,152 | Non-compliance with lawful basis for data processing |
| 2019-04-17 | GDPR | $10,152 | Non-compliance with lawful basis for data processing |
| 2019-04-04 | GDPR | $2,052 | Non-compliance with subjects' rights protection safeguards |
| 2019-04-04 | GDPR | $2,052 | Non-compliance with subjects' rights protection safeguards |
| 2019-03-04 | GDPR | $3,456 | Non-compliance with subjects' rights protection safeguards |
| 2018-12-18 | GDPR | $3,456 | Failure to implement sufficient measures to ensure information security |
| 2018-12-18 | GDPR | $3,456 | Failure to implement sufficient measures to ensure information security |