Penalty for refusal to provide data

An employee had requested data information (see data subject rights) from his employer, a hospital. For this he sent a registered letter to the company. However, the company ignored the request.

After the data subject filed a complaint with the data protection authority, the hospital issued a statement. A request for data information had not been attached to the letter. The hospital, in contrast to the person concerned, did not participate in the oral hearing.

The data protection authority closed the case and imposed a fine of 1,000 levs (approximately €500) on the company.

Entscheidungsdatum:
22.02.2019

Land:
Bulgaria

Art des Verstoßes:
violated duty to inform

Betroffene Datensätze:
1

Waren sensible Daten betroffen?:
No

verhängte Geldstrafe:
€ 500,-

Violation of GDPR Paragraph:

12. Transparent information, communication and modalities for the exercise of the rights of the data subject
15. Right of access by the data subject

Quelle:
Communication from the Bulgarian Data Protection Authority (Bulgarian)