Penalty against Bulgarian bank
A bank called a customer to inquire about unpaid bills. However, these concerned the neighbor of the called party. Annoyed by this call, the person concerned wanted to make use of his right to be forgotten. However, the financial institution did not respond to his request, which is why he opened a complaint procedure with the Bulgarian data protection authority.
The supervisory authority determined that the call was a violation of the General Data Protection Regulation. Data may only be used for the actual purpose of collection. Since the customer had a consumer loan with the bank, inquiring about his neighbor’s financial status was inadmissible. As a result, the institute was fined 1,000 levs (about 500€).
Entscheidungsdatum:
04.12.2018
Land:
Bulgaria
Art des Verstoßes:
Illegal data processing
Betroffene Datensätze:
1
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 500,-
Violation of GDPR Paragraph:
5. Principles relating to personal data processing
6. Lawfulness of processing
Quelle:
Communication from the Bulgarian Data Protection Authority (Bulgarian)