Penalty for denied data subject request
A Czech company has to pay a fine of CZK 20,000, as it violated the GDPR data subjects rights. According to the General Data Protection Regulation, every private individual has the right to know how a company or organization processes their own personal data (see GDPR Article 15). In addition to the right to information further rights are provided, more information is available here.
In the present case, the Authority initiated an investigation following a complaint. For companies, the data subject rights are becoming more and more a critical issue in data protection. For example, several penalties have been issued throughout Europe (see Hungary or Bulgaria)
For large companies, therefore, the automated answering of inquiries is essential to avoid risking that countless complaints to the data protection authorities. More information can be found at easyGDPR Automated Affected Requests
Entscheidungsdatum:
26.02.2019
Land:
Czech Republic
Art des Verstoßes:
violated rights of the data subject
Betroffene Datensätze:
1
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 770,-
Violation of GDPR Paragraph:
15. Right of access by the data subject
Quelle: