Search Privacy Fines

Articles: Art. 32 GDPR

Because of the inappropriate handling of personal data, more than 6 million individuals had their data hacked. This informational leak was a direct cause of the company’s security laxity.

Articles: Art. 32 GDPR

Articles: Art. 32 GDPR

Data leakage due to the inappropriate security and organizational measures of the company. Information related to more than 23.000 credits records belonging to more than 33.000 customers were made public. The data included names, ID numbers, biometric data, addresses, and copies of identity cards.

Articles: Art. 32 GDPR

Articles: Art. 32 (1) b), c), d) GDPR, Art. 32 (2) GDPR

Articles: Art. 6 GDPR

A private individual complained to the Data Protection Commission of Bulgaria (KZLD) that a debt collection agency has information about her accounts and status of those accounts with the purpose of collecting tax owned by the complainant. The KZLD concluded that the agency had no legal basis to obtain and process the data.

Articles: Art. 6 GDPR

The National Revenue Agency was fined with €28,100 because of the unlawful processing of personal data of a private individual. The personal data of the individual was unlawfully collected and used in an enforcement case against them in order to recover a tax debt of €86,000. The National Revenue Agency also collected bank account data of the affected individual from the Bulgarian National Bank. The Bulgarian DPA argued that this data was collected unlawfully by the National Revenue Agency. This is one of the very rare cases where a DPA fines a government institution for the unlawful processing of personal data.

Articles: Art 6 (1) GDPR, Art 58 (2) e) GDPR, Art 83 (5) a) GDPR

Articles: Art 6 (1) GDPR, Art 58 (2) e) GDPR, Art 83 (5) a) GDPR

The complainant was unlawfully and unknowingly been registered for the prepaid services of a telecommunication service provider. The employees had used personal data illegally and without express consent from the subject. Moreover, the signature on the application was found to be incongruent and dissimilar to the subject’s own signature. The identity card number on the prepaid application was also fake.

Articles: Art. 6 GDPR, Art. 5 (1) a) GDPR

Articles: Art. 6 GDPR, Art. 5 (1) a) GDPR

Articles: Art. 6 (1) GDPR

Articles: Art. 6 (1) GDPR

A fine of €11,760 was issued on the commercial representative of a national telecommunications provider due to the unlawful processing of the personal data of a client. The commercial representative unlawfully processed the data of a client with the goal of closing a contract for mobile telephoning services.

Articles: Art. 6 (1) GDPR

A fine of €5,113 was imposed on a national telecom company for the unlawful processing of the personal data of a citizen. The personal data of the individual was unlawfully accessed and processed in order to cancel a contract.

Articles: Art. 6 GDPR

Articles: Art. 6 GDPR

Articles: Art. 6 (1) GDPR

The Bulgarian Interior Ministry was fined due to the unlawful processing of the personal data of a citizen. The Interior Ministry unlawfully sent the personal data of the citizen to the Togolese Republic.

Articles: Art. 6 (1) GDPR

Articles: Art. 6 (1) GDPR

Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR

The personal data administrator unlawfully processed personal data of subject D.D related to an Employment Contract, while the subject was imprisoned.

Articles: Art. 5 (1) a) GDPR, Art. 6 GDPR

Articles: Art. 6 GDPR

Articles: Art, 25 (1) GDPR, Art. 32 GDPR, Art. 6 GDPR

Articles: Art. 25 (1) GDPR, Art. 32 GDPR

Articles: Art. 6 GDPR