Proximus SA

€50,000

Insufficient involvement of data protection officer

Decision Date

April 28, 2020

Authority

Belgian Data Protection Authority (APD)

BE

Sector

Media, Telecoms and Broadcasting

Country

BE

Law

GDPR

Status

FINAL

Description

According to the data protection authority, the company's data protection officer was not sufficiently involved in the processing of personal data breaches and the company did not have a system in place to prevent a conflict of interest of the DPO, who also held numerous other positions within the company (head of compliance and audit department), which led the DPA to the conclusion that the company's DPO was not able to work independently.

Legal Citations

Art. 31Art. 58Art. 37

Issues & Violations

Insufficient involvement of data protection officer
View Official Document
Back to Fines Database
Previous Fine
Romanian National Supervisory Authority for Person...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.