Penalty for missing deletion deadlines

Penalty for missing deletion deadlines

The Danish company IDdesign A/S was ordered by the data protection authority to pay a fine of 1.5 million kroner (approx. € 201,000).

In the course of an inspection visit by the authority to the company, it was admitted that an older IT system was still being used at three independent sites. This program stored the data of approximately 385,000 customers (name, home address, telephone number, e-mail address and customer history). However, when asked, the company was unable to specify the period after which data storage is no longer necessary and the data must therefore be deleted. Thus, principles in the processing of personal data were disregarded, which is why the authority issued the fine.

Conclusion

The creation of a procedure directory is one of the essential points of the GDPR. Companies must record all steps in which personal data is processed. Furthermore, the lawfulness and purpose of the processing must be stated. As soon as the data is no longer required, it must be deleted; this process must also be documented in the procedure directory.

Without appropriate software, such a document can neither be created nor meaningfully maintained. With easyGDPR , you can create the mandatory procedure directory at the click of a mouse. Thanks to templates for the most common data processing tasks (e-mail correspondence, contact forms, telephone system, etc.) you will save valuable time when creating them. Meet the requirements of the DSGVO today – with easyGDPR.

Entscheidungsdatum:
03.06.2019

Land:
Denmark

Art des Verstoßes:
Illegal data processing

Betroffene Datensätze:
385000

Waren sensible Daten betroffen?:
No

verhängte Geldstrafe:
€ 201,000,-

Quelle:
Communication from the Danish Data Protection Authority (Danish)