Penalty for denied data disclosure
A company in Hungary refused to provide individuals with information about their personal data stored. Furthermore, this requested the publication of a surveillance video, as this would help in a lawsuit. This request was rejected by the company, on the grounds that this would not help in the dispute. The Hungarian data protection authority NAIH imposed a fine of one million Hungarian forints (about € 3,200) and justified the penalty with the following circumstances:
- type of offence
- with the fact that the data then could be deleted and not restored any more
- it was the company’s first privacy offense
- die Videoüberwachung war grundsätzlich schon unzulässig
The turnover in the previous year amounted to approx. 15.3 million forints (approx. € 50.000, -), whereby the penalty amounts to 6.5% of the annual turnover. The GDPR provides for penalties up to 4% of the worldwide annual turnover OR 20 million euros, whichever is higher .
Handling data subject requests is a complex topic. Every request must be answered, if your company has a lot of requests, it is necessary to automating these tasks. easyGDPR is powerful tool, which gives you the opportunity to do this. More information.
Entscheidungsdatum:
06.03.2019
Land:
Hungary
Art des Verstoßes:
violated duty to inform
Betroffene Datensätze:
1
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 3,200,-
Violation of GDPR Paragraph:
12. Transparent information, communication and modalities for the exercise of the rights of the data subject
15. Right of access by the data subject
31. Cooperation with the supervisory authority
5. Principles relating to personal data processing
83. General conditions for imposing administrative fines
Quelle: