Penalty for denied data disclosure
A company in Hungary refused to provide individuals with information about their personal data stored. Furthermore, this requested the publication of a surveillance video, as this would help in a lawsuit. This request was rejected by the company, on the grounds that this would not help in the dispute. The Hungarian data protection authority NAIH imposed a fine of one million Hungarian forints (about € 3,200) and justified the penalty with the following circumstances:
- type of offence
- with the fact that the data then could be deleted and not restored any more
- it was the company’s first privacy offense
- die Videoüberwachung war grundsätzlich schon unzulässig
The turnover in the previous year amounted to approx. 15.3 million forints (approx. € 50.000, -), whereby the penalty amounts to 6.5% of the annual turnover. The GDPR provides for penalties up to 4% of the worldwide annual turnover OR 20 million euros, whichever is higher .
Handling data subject requests is a complex topic. Every request must be answered, if your company has a lot of requests, it is necessary to automating these tasks. easyGDPR is powerful tool, which gives you the opportunity to do this. More information.
Type of Issue:
violated duty to inform
Number of involved data records:
Special category of data involved: