Fine against bulgarian bank

A bank called a customer to inquire about unpaid bills. However, these concerned the neighbor of the called person. Annoyed by this call, the person concerned wanted to make use of his right to be forgotten. However, the bank did not respond to his request, so he opened a complaint procedure with the Bulgarian data protection authority.

The regulator found that the call was a violation of the General Data Protection Regulation. Data may only be used for the actual purpose of the collection. Since the customer had a consumer loan with the bank, a demand on the financial status of his neighbor was inadmissible. Therefore, the institute was fined 1000 levs (about 500 €).

Entscheidungsdatum:
04.12.2018

Land:
Bulgaria

Art des Verstoßes:
Illegal data processing

Betroffene Datensätze:
1

Waren sensible Daten betroffen?:
No

verhängte Geldstrafe:
€ 500,-

Violation of GDPR Paragraph:

5. Principles relating to personal data processing
6. Lawfulness of processing

Quelle: