In the decision of November 30, 2018, GZ: DSBD122.954/0010-DSB/2018, the data protection authority had to deal with the deletion of personal data in connection with the information obligations of a controller. The complainant demanded that the respondent delete his entries in the consumer and trade credit records regarding insolvency proceedings that had not been opened or had been completed, as the respondent had not informed him of these entries and, moreover, the creditor’s claim had already been settled in full. The data protection authority upheld the complaint and held that, based on the principle set forth in Art. 5 para. 1 lit. a GDPR, a corresponding notification of the complainant pursuant to Art. 14 GDPR is required. In the absence of such, the creditor protection interests on which the respondent relied are no longer justified and the entries were thus made unlawfully. Furthermore, the data protection authority stated that the correctness of the registered information is also a prerequisite for the legality of a registration. However, the entry in the consumer credit record that was the subject of the proceedings gave the impression that insolvency proceedings had been opened and concluded, which was not the case, as such proceedings were not opened in the first place due to a lack of cost-covering assets. The entry was therefore to be deleted for this reason as well. The decision is not legally binding.