Penalty against Czech bank.
A Czech banking company was sentenced to a fine of 250,000 Czech crowns (about €9,700) for inadmissible data collection.
The company used biometric data for the signature. This was not neccesaray for the contract.
The supervisory authority also found recordings of telephone calls with customers. These were stored for the entire contract period and a further ten years. The Company also hereby infringed the principles of personal data processing.
In addition to the abovementioned fine, the Bank will also have to pay the procedural costs of CZK 1,000.
Type of Issue:
Illegal data processing
Number of involved data records:
Special category of data involved:
Violation of GDPR Paragraph:
9. Processing of special categories of personal data