Penalty after refusal to provide data

Penalty after refusal to provide data

A Czech company must pay a fine of 20,000 crowns because it disregarded the GDPR data subject rights. According to the General Data Protection Regulation, every private individual has the right to know how a company or organization processes his or her personal data (see GDPR Article 15). In addition to the right to information, other rights are also provided for, you can find more information here.

In the present case, the authority initiated an investigation after receiving a complaint. For companies, data subject rights are thus increasingly becoming a critical issue in data protection. Thus, penalties have already been imposed several times throughout Europe (see Hungary or Bulgaria).

For large companies, therefore, automated responses to data subject inquiries are essential in order to avoid the risk of countless complaints being filed with the data protection authorities, each of which would result in a fine. You can find more information under easyGDPR Automate data subject requests

Entscheidungsdatum:
26.02.2019

Land:
Czech Republic

Art des Verstoßes:
violated rights of the data subject

Betroffene Datensätze:
1

Waren sensible Daten betroffen?:
No

verhängte Geldstrafe:
€ 770,-

Quelle:
Decision of the Czech Data Protection Authority (Czech)