Debt collector

€1,560

Non-compliance with general data processing principles

Decision Date

February 20, 2019

Authority

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

HU

Sector

Finance, Insurance and Consulting

Country

HU

Law

GDPR

Status

FINAL

Description

A data subject requested information about and erasure of the data processed, which the debt collector refused stating that it could not identify the subject. For identification purposes he requested place of birth, mother’s maiden name and further details from the data subject. After the controller succeeded to identify the data subjects he refused to comply with the deletion request, arguing he is legally obliged to retain backup copies according to the Accountancy Act and internal policies. Since he did not properly inform about these policies, the NAIH held the controller breached the principle of transparency. The fine constitutes 0.0025% of the annual profit of the controller.

Legal Citations

Art. 5 (1)Art. 5 (1)

Issues & Violations

Non-compliance with general data processing principles
View Official Document
Back to Fines Database
Previous Fine
Data Protection Commissioner of Malta - Lands Auth...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.