Fine against Bisnode Polska
Bisnode is an economic database. In the course of the duty to inform, the company has informed only a fraction of the persons concerned. All those affected who did not have an e-mail address were only informed via the website because, according to the company, anything else would have been too much effort.
The Polish data protection authority did not share this opinion and fined the company for deliberately violating the GDPR. In the justification, it was stated, among other things, that of the 90,000 data subjects who were informed, approximately 12,000 objected to further processing of the personal data.
The fine does not exempt the company from the obligation to inform, but it must inform them anyway
Entscheidungsdatum:
26.03.2019
Land:
Poland
Art des Verstoßes:
violated duty to inform
Betroffene Datensätze:
5 700 000
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 220,000,-
Violation of GDPR Paragraph:
12. Transparent information, communication and modalities for the exercise of the rights of the data subject
13. Information to be provided where personal data are collected from the data subject
14. Information to be provided where personal data have not been obtained from the data subject
21. Right to object
25. Data protection by design and by default
5. Principles relating to personal data processing
6. Lawfulness of processing
7. Conditions for consent
83. General conditions for imposing administrative fines
Quelle:
Press release of the Polish data protection authority UODO (English)