Penalty against Czech bank.

A Czech banking company was sentenced to a fine of 250,000 Czech crowns (about €9,700) for inadmissible data collection.

The company used biometric data for the signature. This was not neccesaray for the contract.

The supervisory authority also found recordings of telephone calls with customers. These were stored for the entire contract period and a further ten years. The Company also hereby infringed the principles of personal data processing.

In addition to the abovementioned fine, the Bank will also have to pay the procedural costs of CZK 1,000.

Entscheidungsdatum:
01.04.2019

Land:
Czech Republic

Art des Verstoßes:
Illegal data processing

Betroffene Datensätze:
1

Waren sensible Daten betroffen?:
Yes

verhängte Geldstrafe:
€ 9,700,-

Violation of GDPR Paragraph:

9. Processing of special categories of personal data

Quelle:
https://www.bnt.eu/en/news/legal-news/2785-one-year-of-gdpr-taking-stock-of-the-first-fines-and-penalties?layout=bnt:news#:~:text=The%20Czech%20Data%20Protection%20Office,since%20GDPR%20came%20into%20force.&text=The%20highest%20fine%20was%20CZK,it%20should%20have%20had%20erased.