Penalty for refusal to provide data
A company in Hungary refused to provide a private individual with information about his stored personal data. Furthermore, the latter requested the surrender of a surveillance video, as this would help in a legal dispute. This request was also rejected by the company, on the grounds that it would not help in the present legal dispute.
The Hungarian data protection authority NAIH then imposed a fine of one million Hungarian forints (approx. € 3,200) and based the amount of the fine on the following circumstances:
- the nature of the offense
- with the fact that the data was subsequently deleted and could not be recovered
- it was the company’s first data privacy breach
- video surveillance was already inadmissible in principle
The turnover in the previous year was about 15.3 million forints (about € 50,000), so the penalty is 6.5% of the annual turnover. The GDPR provides for penalties of up to 4% of annual global turnover OR €20 million, whichever is greater (see GDPR Article 83).
Entscheidungsdatum:
06.03.2019
Land:
Hungary
Art des Verstoßes:
violated duty to inform
Betroffene Datensätze:
1
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 3,200,-
Violation of GDPR Paragraph:
12. Transparent information, communication and modalities for the exercise of the rights of the data subject
15. Right of access by the data subject
31. Cooperation with the supervisory authority
5. Principles relating to personal data processing
83. General conditions for imposing administrative fines
Quelle:
Article in CMS Lawnow (English)